Full encryption

    Once there was an idea to hide the data away from people's eyes, I poked around various encryption systems and found a huge minus in them, they advertise their presence (need to be installed) and make the cryptocontainer explicit (empty section or file with a cryptocontainer)

    i.e. in both cases, “thermorectal cryptanalysis TM ” is possible due to the fact that there is encrypted information on the computer.

    Which led me to write a small script.
    It can be run even with LiveCD, it does not create encrypted files or partitions, but of course it has the following problems:
    • it is necessary to control data integrity manually;

    Below is the code, use it at your own risk, in which case I will not be liable for damage to your data.
    Who cares, look under the cat.



    The essence of all body movements is to create a cryptocontainer on a used disk in an unused area using only the built-in commands of the standard Ububntu LiveCD.

    I tested it only in the sandbox (on a separate section of 200 MB in size I created a 50 MB cryptocontainer with an offset of 50 MB) MD5 the sum of the files on the physical partition (20 MB) and inside the cryptocontainer (10 MB) matched the originals.

    We do everything under the root (sudo su).
    device, place (Displacement), replace the size with your own. The size and offset from the beginning of the disk is everywhere indicated in megabytes bytes.

    Create


    modprobe cryptoloop
    modprobe aes

    mkdir ~ / mnt1
    mount -t tmpfs ~ / mnt1
    dd if = / dev / urandom of = ~ / mnt1 / file bs = 1M count = size
    losetup -e aes / dev / loop2 ~ / mnt1 / file
    // enter the password
    mkfs -t ext2 / dev / loop2
    dd if = / dev / loop2 of = device bs = 1M seek = location count = size

    losetup -e aes / dev / loop1 <device> -o <place> --sizelimit <size >
    // enter the password
    mount / dev / loop1 <mount point>
    mkfs -t ext2 <mount point>


    Mount


    modprobe cryptoloop
    modprobe aes


    mkdir ~ / mnt1
    mkdir ~ / mnt2
    mount -t tmpfs ~ / mnt1
    dd of = ~ / mnt1 / file if = device bs = 1M skip = place count = size
    losetup -e aes / dev / loop2 ~ / mnt1 / file
    // enter the password
    mount / dev / loop2 ~ / mnt2

    losetup -e aes / dev / loop1 <device> -o <place> --sizelimit <size>
    // enter the password
    mount / dev / loop1 <mount point>

    Unmount


    umount / dev / loop2
    dd if = / dev / loop2 of = device bs = 1M seek = location count = size

    umount / dev / loop1

    Note


    If anyone knows a simpler solution, please ask in the comments. And once again I warn you, this method is dangerous for your data, use it only in extreme cases. There may also be errors and inaccuracies in the script, so I do not recommend using it on very important data.

    PS: As a continuation of this method, in a small container created by this method, you can put a complete encryption program, for example, the same Truecrypt. Or come up with something of your own using a similar principle, but already more convenient and more secure.

    UPD: Early was young and stupid, everything is done much easier than it was originally presented, actually corrected the article.

    Also popular now: