I needed to meet my company’s required security policy for taking source code offsite: 256-bit AES encryption.
Since the source code I had on my laptop was within a Virtual Machine, I thought it would be a good solution to make an encrypted filesystem big enough for the VM, and only mount it when I wanted to work.
Here are my requirements:
- Encrypted FS that is (un)mountable whenever need be
- Passphrase to mount the filesystem
- 30GB of storage within the filesystem, to accommodate the 30GB VM disk.
First, we create a file that will become the filesystem. Using dd we make it the size we want:
dd if=/dev/zero bs=1G count=30 of=/home/steve/devel_image
Here’s what the attributes mean:
- if is the input file. Since we want a blank file, we set if to /dev/zero, which gives us a file filled with zeros.
- of is the output file, or the file you want to create. Here I’m telling it to make a file called devel_image in my /home/steve folder.
- bs is the number of bytes read and written at a time (the block size), but I like to call it the bucket size, since the way it is used is to declare your unit size. Here 1G means we want 1GB chunks, or buckets. You can give it different units: 1M, 5G, whatever.
- count is the number of buckets you wish to use. Since we want a 30GB file, and are using 1G buckets, we’ll need 30 of them to make 30GB.
This makes a 30GB file called devel_image in my home directory, and takes some time to complete (30 gigs is kinda big, y’know?)
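A wrapper around the dd step above, added here as an example (not the author's script): it validates bs and count, refuses to overwrite an existing file, checks free space, creates the image readable only by its owner, and confirms the final size is bs × count. The function names `bs_to_bytes` and `make_image` are hypothetical, and GNU dd is assumed.

```shell
#!/bin/sh
# Added example, not the original author's script. Assumes GNU dd.

# bs_to_bytes BS: convert a dd block size such as 512, 4K, 1M or 1G to bytes
# (GNU dd treats the K, M and G suffixes as powers of 1024).
bs_to_bytes() {
    num=${1%[KMG]}
    case $num in ''|*[!0-9]*) return 1 ;; esac
    case $1 in
        *K) echo $((num * 1024)) ;;
        *M) echo $((num * 1024 * 1024)) ;;
        *G) echo $((num * 1024 * 1024 * 1024)) ;;
        *)  echo "$num" ;;
    esac
}

# make_image PATH BS COUNT: create a zero-filled backing file of BS*COUNT
# bytes and print its size in bytes on success.
make_image() {
    path=$1; bs=$2; count=$3
    bytes=$(bs_to_bytes "$bs") || { echo "bad block size: $bs" >&2; return 2; }
    case $count in ''|*[!0-9]*) echo "bad count: $count" >&2; return 2 ;; esac
    total=$((bytes * count))
    # Never clobber an existing image: it may already hold a filesystem.
    if [ -e "$path" ]; then
        echo "refusing to overwrite $path" >&2
        return 3
    fi
    # Free space (in KiB) on the filesystem that will hold the image.
    free_kb=$(df -Pk "$(dirname "$path")" | awk 'NR==2 {print $4}')
    if [ $((total / 1024)) -ge "$free_kb" ]; then
        echo "not enough free space for $total bytes" >&2
        return 4
    fi
    # umask 077 makes the file mode 0600, so other local users cannot read
    # the raw image.
    ( umask 077 && dd if=/dev/zero of="$path" bs="$bs" count="$count" 2>/dev/null ) || return 5
    # dd can end with a short block; confirm the size really is BS*COUNT.
    actual=$(wc -c < "$path")
    if [ "$actual" -ne "$total" ]; then
        echo "short write: $actual of $total bytes" >&2
        return 6
    fi
    echo "$total"
}

# The page's command, expressed through the wrapper:
#   make_image /home/steve/devel_image 1G 30
```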
Next we set up a loopback device (which will make the system see the file as a drive). Using losetup you can create the device, and you can even add encryption at this point; however, that is becoming deprecated, and it is better to handle the encryption on its own (as cryptoloop support will be removed from the kernel at some point