Paranoia without borders, or encrypting an LVM volume built from files
After reading today's post on the BSD blog about data encryption, it occurred to me to build an LVM volume out of several ordinary files and encrypt it.
I won't beat around the bush; I'll show right away how I did it.
In this example the container files live on the same hard drive, in one partition (/tmp), but nothing stops you from placing them anywhere. Let's get started!
Let's create 5 files of 50 MB each, which will serve as the containers:

/tmp # for i in `seq 1 5`; do dd if=/dev/zero of=safe.$i bs=1M count=50; done
50+0 records in
50+0 records out
52428800 bytes (52 MB) copied, 0.235608 s, 223 MB/s

Check:

/tmp # ls
-rw-r--r-- 1 root root 50M 2009-11-28 03:02 safe.1
-rw-r--r-- 1 root root 50M 2009-11-28 03:02 safe.2
-rw-r--r-- 1 root root 50M 2009-11-28 03:02 safe.3
-rw-r--r-- 1 root root 50M 2009-11-28 03:02 safe.4
-rw-r--r-- 1 root root 50M 2009-11-28 03:02 safe.5

Now we turn our safes into block devices using losetup:

/tmp # for i in `seq 1 5`; do losetup /dev/loop$i /tmp/safe.$i; done

Now we have 5 devices of 50 MB each. To store anything sizeable on them we merge them into one logical volume. If the pvcreate utility is not available, install it:

apt-get install lvm2 (for Ubuntu)

/tmp # pvcreate /dev/loop{1,2,3,4,5}
Physical volume "/dev/loop1" successfully created
/tmp # vgcreate vg0 /dev/loop{1,2,3,4,5}
Volume group "vg0" successfully created
/tmp # vgscan
Reading all physical volumes. This may take a while...
Found volume group "vg0" using metadata type lvm2
/tmp # lvcreate --size 200M --name lvopt vg0
Logical volume "lvopt" created

Now we have a 200 MB LV located at /dev/vg0/lvopt.

Encrypt it, for example using twofish:

/tmp # cryptsetup -y create datasafe /dev/vg0/lvopt
Enter passphrase:
Verify passphrase:

That's all; now you can check what happened. First, format the new device as ext4:

mkfs.ext4dev /dev/mapper/datasafe
mke2fs 1.41.9 (22-Aug-2009)

Mount the device:

mount -t ext4 /dev/mapper/datasafe /media/safe/

Fill our safe with data to make sure it works. We'll take the data from /dev/zero:

cat /dev/zero >> /media/safe/test
cat: write error: No space left on device

Now the LV holds a test file that takes up all the available space; check:

df -h
Filesystem Size Used Avail Use% Mounted on
[....]
/dev/mapper/datasafe 194M 193M 0 100% /media/safe

Now unmount our LV and close the mapping:

umount /media/safe/
cryptsetup remove datasafe

And try to read the contents of the underlying device now:

less -f /dev/vg0/lvopt

Make sure that the device is encrypted!

Container files can be of different sizes and can sit on any hard drives, which, together with combining them into one device, should make them harder to spot.
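The procedure above, scripted end to end as an added example (this is not code from the original post). It wraps the same steps (container files, losetup, pvcreate/vgcreate/lvcreate, cryptsetup, mkfs, mount) in shell functions, tears the stack down in the correct top-down order, and turns the closing "make sure that the device is encrypted" step into a check: it looks for the ext2/3/4 superblock magic at byte offset 1080 of the backing LV and counts how many distinct byte values appear in its first 64 KiB. The cipher is named explicitly (twofish, as the post suggests) rather than left to cryptsetup's default. Assumptions: Linux with lvm2 and cryptsetup installed; the variables SAFE_DIR, VG, LV, MAPPER and MNT, the `-l 100%FREE` sizing, and the DRY_RUN mode are this script's own choices, not the post's. With DRY_RUN=1 every privileged command is printed instead of executed, so the plan can be reviewed without root.

```shell
#!/bin/sh
# Added example, not code from the original post: the loop-file -> LVM ->
# dm-crypt stack as functions, plus a check that the backing LV no longer
# shows a readable filesystem signature.  Names below are this script's
# assumptions.  DRY_RUN=1 prints privileged commands instead of running them.
set -eu

SAFE_DIR=${SAFE_DIR:-/tmp}
COUNT=${COUNT:-5}
SIZE_MB=${SIZE_MB:-50}
VG=${VG:-vg0}
LV=${LV:-lvopt}
MAPPER=${MAPPER:-datasafe}
MNT=${MNT:-/media/safe}
DRY_RUN=${DRY_RUN:-0}

# run: execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# loop_list: the loop devices backing containers 1..COUNT, space separated.
loop_list() {
    i=1; out=""
    while [ "$i" -le "$COUNT" ]; do
        out="$out /dev/loop$i"; i=$((i + 1))
    done
    echo "${out# }"
}

# safe_up: build the stack bottom-up.  The cipher is given explicitly
# (twofish, as the post suggests) instead of relying on cryptsetup's default.
safe_up() {
    i=1
    while [ "$i" -le "$COUNT" ]; do
        run dd if=/dev/zero of="$SAFE_DIR/safe.$i" bs=1M count="$SIZE_MB"
        run losetup "/dev/loop$i" "$SAFE_DIR/safe.$i"
        i=$((i + 1))
    done
    # word splitting of loop_list is intended: one argument per loop device
    run pvcreate $(loop_list)
    run vgcreate "$VG" $(loop_list)
    run lvcreate -l 100%FREE --name "$LV" "$VG"
    run cryptsetup -y -c twofish-cbc-essiv:sha256 -s 256 create "$MAPPER" "/dev/$VG/$LV"
    run mkfs.ext4 "/dev/mapper/$MAPPER"
    run mkdir -p "$MNT"
    run mount -t ext4 "/dev/mapper/$MAPPER" "$MNT"
}

# safe_down: tear the stack down top-down; any other order leaves busy
# devices behind and the container files still attached.
safe_down() {
    run umount "$MNT"
    run cryptsetup remove "$MAPPER"
    run vgchange -an "$VG"
    for dev in $(loop_list); do run losetup -d "$dev"; done
}

# ext_magic: print the two bytes at offset 1080 of a file or block device as
# hex.  "53ef" is the little-endian ext2/3/4 superblock magic (0xEF53).
ext_magic() {
    dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# distinct_bytes: number of distinct byte values in the first 64 KiB.
# Ciphertext approaches 256; a freshly zeroed container gives 1.
distinct_bytes() {
    dd if="$1" bs=1024 count=64 2>/dev/null | od -An -v -tu1 \
        | tr -s ' \n' '\n' | grep -v '^$' | sort -u | wc -l | tr -d ' '
}

# check_opaque: succeed only if the device shows neither the ext magic nor
# a low-variety byte distribution.
check_opaque() {
    if [ "$(ext_magic "$1")" = "53ef" ]; then
        echo "$1: plaintext ext filesystem signature found"; return 1
    fi
    n=$(distinct_bytes "$1")
    if [ "$n" -lt 200 ]; then
        echo "$1: only $n distinct byte values, does not look like ciphertext"; return 1
    fi
    echo "$1: no filesystem signature, $n distinct byte values"
}

case "${1:-}" in
    up)    safe_up ;;
    down)  safe_down ;;
    check) check_opaque "/dev/$VG/$LV" ;;
esac
```

Usage: `DRY_RUN=1 sh safe.sh up` prints the plan; `sh safe.sh up` as root builds the stack; after `sh safe.sh down`, `sh safe.sh check` replaces the `less -f /dev/vg0/lvopt` eyeballing with a pass/fail result. The magic check catches the obvious failure (the mapping was never used and mkfs wrote straight to the LV); the byte-count check catches the subtler one where the LV was never written at all and still reads as zeros.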