[kwlug-disc] folder encryption
Chris Frey
cdfrey at foursquare.net
Thu Sep 29 16:22:41 EDT 2022
On Thu, Sep 29, 2022 at 02:05:55PM -0400, CrankyOldBugger wrote:
> So.. what do you guys recommend for natively (i.e. inside Ubuntu) for
> creating a folder then encrypting all the contents? Is this a doable thing
> without major headaches?
I'm a fan of cryptsetup.
# create image file, sparse or not (don't go less than about 20M
# due to required size of luks headers and keys)
dd if=/dev/zero of=image.bin bs=1 count=0 seek=100M
# encrypt it
cryptsetup luksFormat ./image.bin
# open it
cryptsetup open ./image.bin image
# fs it
mkfs /dev/mapper/image
# mount it... can go anywhere you need
mount /dev/mapper/image /mnt
# enjoy it
cp secrets /mnt
# unmount it
umount /mnt
# close it
cryptsetup close image
Watch out for swap... if your swap partition is not encrypted, some of
your private date can end up there.
You can put things in /etc/crypttab and /etc/fstab to automate the mounting
process. There are tools like cryptdisks_start and cryptdisks_stop.
I do this on home directories, usb backup sticks, etc.
- Chris
More information about the kwlug-disc
mailing list