How to encrypt your HDD (Debian/Ubuntu)

Hey FST.

For this tutorial I used a VMware of Debian Lenny with 15GB of free space on /home. This is how to encrypt the hard disk and build two shell scripts to either mount or unmount the device. This also works for your computer at home and can be usefull there aswell :) Lets begin by allocating space for your encryption. For that we have to download some applications (dependencies). First we change to the /home directory because this is where we want to save the container volume. We are using the dd command to allocate 15 GB ( 15*1024*1024 = 15.727.640 ). You can see the progress by opening an 2nd shell and typing "df -h"

Quote:

---

cd /home
apt-get install cryptsetup dmsetup hashalot
dd if=/dev/zero of=volume bs=1k count=15728640

---

Once all the space is allocated you can start writing the 2 shellscripts to mount and unmount the volume i will call them "mountvolume" and "killvolume" We will use the editor nano to write the shellscripts. Once your done writing the script use str+x to close ( and save ) it.

Quote:

---

# nano /usr/bin/mountvolume
#########################################################################
#!/bin/bash
losetup /dev/loop0 /home/volume
sleep 1
cryptsetup luksOpen /dev/loop0 volume
sleep 1
mount -t ext2 /dev/mapper/volume /glftpd/site
#########################################################################

---

Now we have to write the unmount script called killvolume

Quote:

---

# nano /usr/bin/mountvolume
#########################################################################
#!/bin/bash
umount /dev/mapper/volume
cryptsetup luksClose volume
losetup -d /dev/loop0
#########################################################################

---

Now we have both scripts we need to set the proper chmod for them so it can be executed. We do that by typing

Quote:

---

chmod +x /usr/bin/unmountvolume
chmod +x /usr/bin/mountvolume

---

Now the scripts are all set and executable. Next we use losetup to create a loopback device Then we use modprobe to load the needed Modules. And finish it by encrypting the container using cryptsetup

Quote:

---

losetup /dev/loop0 /home/volume
modprobe cryptoloop
modprobe dm_crypt
cryptsetup -c aes-cbc-essiv:sha256 -y luksFormat /dev/loop0

---

cryptsetup will ask you for a password rather think of some long password or simply create on using the following command ( but do not forget to delete it from the server later ... )

Quote:

---

head /dev/urandom | md5sum | awk '{print $1}' > /home/password.txt

---

We are almost done all that is left is that we need to open the container and create a filesystem on it I will be using ext2

Quote:

---

cryptsetup luksOpen /dev/loop0 volume
mkfs.ext2 /dev/mapper/volume
mount -t ext2

---

Now you can encrypt those naughty files :D

Enjoy!

Great stuff. I was looking for something like that, to run on my karmic koala.

Thanks alot for this phauk. Really helpful ;)

Good, glad to hear it ;)

This is Really Helpful

Truecrypt would be an easier option i would have thought, It has a GUI where you can mount and dismount folders, you can even encrypt an in place operating system on the fly while you are playing games surfing the net etc
But hey if you like the scripting route you can even build a script to suit your situation, Just thought I would share another option to you guys/gals.

nice guide,
of course as a fedora user, all I need to do encrypt my HDD is check "encrypt the disk" and enter a pass, at the install ;)

Quote:

---

Originally Posted by Expeto

nice guide,
of course as a fedora user, all I need to do encrypt my HDD is check "encrypt the disk" and enter a pass, at the install ;)

---

heh, that's true - but thats with a gui, I was focusing on doing it raw :P

I can make a guide for Fedora if you like with screenshots? :lol:

Nice information which I had been looking for a long time. Thanks for sharing such a wonderful information with us.
Keep it up

I usually use LUKS encryption and dm-crypt. I use it to encrypt flash drives and wear it sefely.