Tuesday, August 25, 2009

Encrypted Virtual File System (EVFS): Building an encrypted Linux filesystem from an ordinary Linux file

This tutorial explains the step-by-step process to create an Encrypted Virtual Linux File System (EVFS).

First, let me explain the advantages of EVFS:
1. You can take a disk file, format it with a filesystem such as vfat or ext3, and then mount it just like a physical drive. This is an excellent way to investigate different filesystems without the hassle of reformatting a physical drive.

2. It protects the information against unauthorized access.

3. It is a single file that acts as an encrypted virtual disk and stores files and directories inside it.

4. The big advantage is that it is portable. The file we create here will open as an encrypted virtual disk on Windows, Linux, etc.


We will use the LUKS (Linux Unified Key Setup) standard to create the encrypted virtual file system.
LUKS is a standard for hard disk encryption. Most disk encryption software implements different and incompatible formats; LUKS specifies a platform-independent standard on-disk format for use in various tools on different operating systems such as Windows, Linux, etc.

In this article, I will explain how to create an encrypted virtual disk, how to use it on Linux and how to use it on Windows.

A. How to create an Encrypted Virtual Disk
  • Step 1: Create a file of the desired size. (The size you specify here will be the size of your virtual disk.)
dd if=/dev/urandom of=disk.img bs=1M count=10

I used urandom to fill the file with random values. You can use if=/dev/zero instead of if=/dev/urandom to fill the file with zeros. By default dd uses a block size of 512 bytes. We define a custom size using the bs argument, as shown in the example. The bs argument accepts common suffixes (k, M, G) for large numbers. bs specifies the number of bytes read into memory with a single read() system call and written out with a single write() system call. I created a 10MB file in this example (size = bs * count). You can tune the bs and count parameters according to your needs.
  • Step 2: Make the file we created available as a disk device
sudo losetup /dev/loop0 disk.img

A loop device makes a file accessible as a block device. The losetup command associates the file (disk.img in our example) with a loop device (loop0 in our example).
  • Step 3: Now we have a partition of 10MB. In this step we will encrypt that partition.
sudo cryptsetup luksFormat -c aes -s 256 /dev/loop0

The -c parameter specifies the cipher. I used AES (Advanced Encryption Standard) in this example.
The -s parameter specifies the key size for the cipher in bits. It must be a multiple of 8 bits. In this example I used a 256-bit cipher key.

(Note: You can tune the above parameters according to your needs.)

(Note: This will ask you for confirmation before proceeding; you have to type YES in uppercase if you want to continue. Then it will ask you for a password for the EVFS. You have to use this password whenever you want to access the EVFS.)
  • Step 4: Now tell Linux to treat the encrypted partition as a disk device.
sudo cryptsetup luksOpen /dev/loop0 krp

krp is the name of the disk device. You can use any name there.
  • Step 5: Now format the file system on this disk
sudo mkfs -t vfat /dev/mapper/krp
  • Step 6: Done. Clean up the system now.
sudo cryptsetup luksClose krp
sudo losetup -d /dev/loop0

Now we have a single file as an encrypted virtual file system. In that file we can store any data that we want to hide from others. And as it is a single file, you can move it from one machine to another without the hassle of reformatting and installing an OS.
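After step 6, the header that luksFormat wrote sits at the start of disk.img and can be read without root or a loop device to confirm the cipher, mode, key size and active key slots. The following is an added example, not part of the original tutorial; it assumes the LUKS1 on-disk header layout, and the sample header it builds is constructed for illustration.

```python
import struct
import sys

# LUKS1 on-disk header (big-endian): 208 bytes, then 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks_header(data):
    """Return the LUKS1 header fields found at the start of `data`."""
    if len(data) < 8 or data[:6] != MAGIC:
        raise ValueError("not a LUKS container (magic missing)")
    version = struct.unpack(">H", data[6:8])[0]
    if version != 1:
        # LUKS2 shares the magic but keeps its metadata in a JSON area.
        raise ValueError("LUKS version %d is not handled here" % version)
    if len(data) < PHDR.size + 8 * SLOT.size:
        raise ValueError("truncated LUKS1 header")
    (_, _, cipher, mode, hash_spec, payload, key_bytes,
     _, _, mk_iter, uuid) = PHDR.unpack_from(data, 0)
    active = [i for i in range(8)
              if SLOT.unpack_from(data, PHDR.size + i * SLOT.size)[0] == SLOT_ENABLED]
    return {
        "cipher": _text(cipher), "mode": _text(mode), "hash": _text(hash_spec),
        "key_bits": key_bytes * 8, "payload_sector": payload,
        "mk_iterations": mk_iter, "uuid": _text(uuid), "active_slots": active,
    }


def sample_header():
    """Constructed header for offline use; every value here is illustrative."""
    hdr = PHDR.pack(MAGIC, 1, b"aes", b"cbc-plain", b"sha1", 2056, 32,
                    bytes(20), bytes(32), 10000,
                    b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ENABLED, 50000, bytes(32), 8, 4000)
    slots += SLOT.pack(SLOT_DISABLED, 0, bytes(32), 0, 4000) * 7
    return hdr + slots


if __name__ == "__main__":
    # With a path argument, read the real image; otherwise use the sample.
    blob = open(sys.argv[1], "rb").read(1024) if len(sys.argv) > 1 else sample_header()
    for key, value in parse_luks_header(blob).items():
        print(f"{key}: {value}")
```

Pass the path to disk.img as the only argument to inspect the real container; the mode and key size shown are the ones that actually protect the data, whatever was typed on the luksFormat command line.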


B. How to use Encrypted Virtual File System on Linux

Step 1: Tell Linux to treat this file as a disk device

sudo losetup /dev/loop0 disk.img

Step 2: Tell Linux to treat the encrypted partition as a disk device

sudo cryptsetup luksOpen /dev/loop0 kailas

Step 3: Mount the disk

sudo mount /dev/mapper/kailas /mnt

Now you can access the files in the directory /mnt.
You can create new files there or copy files there. Those files will be stored in your encrypted virtual file system.

C. How to clean up EVFS after using it on Linux

sudo umount /dev/mapper/kailas
sudo cryptsetup luksClose kailas
sudo losetup -d /dev/loop0


D. How to use Encrypted Virtual File System on Windows

To open/access the EVFS we created above on Windows, download FreeOTFE, a free open source program.
Install FreeOTFE, then launch it.
Select "File -> Linux Volume -> Mount File"

Enter the password of the EVFS. FreeOTFE will show the virtual drive. Done!

2 comments:

  1. Sounds interesting, but does it resist cracks?

  2. I am not quite sure about resistance to cracks/hacks. But it is better than no protection at all.
