Free Hosting Online for WorkStations

< Previous | Contents | Next >

9.4.3. Setting Up Encrypted Persistence on a USB Key‌


live-boot is also able to handle persistence file systems on encrypted partitions. You can thus protect the data of your persistent directories by creating a LUKS encrypted partition holding the persistence data.

The initial steps are the same up to the creation of the partition but instead of formatting it with an ext4 file system, use cryptsetup to initialize it as a LUKS container. Then open that container and setup the ext4 file system in the same way as in the non-encrypted setup, but instead of using the /dev/sdb3 partition, use the virtual partition created by cryptsetup. This virtual partition represents the decrypted content of the encrypted partition, which is available in /dev/mapper under the name that you assigned it. In the example below, we will use the name kali_persistence. Again, ensure that you are using the correct drive and partition.


# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3


WARNING!

========

This will overwrite data on /dev/sdb3 irrevocably.


Are you sure? (Type uppercase yes): YES

# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3


WARNING!

========

This will overwrite data on /dev/sdb3 irrevocably.


Are you sure? (Type uppercase yes): YES


Enter passphrase: Verify passphrase: Command successful.

# cryptsetup luksOpen /dev/sdb3 kali_persistence

Enter passphrase for /dev/sdb3:

# mkfs.ext4 -L persistence /dev/mapper/kali_persistence

mke2fs 1.43-WIP (15-Mar-2016)

Creating filesystem with 7096320 4k blocks and 1774192 inodes Filesystem UUID: 287892c1-00bb-43cb-b513-81cc9e6fa72b Superblock backups stored on blocks:

32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,

4096000


Allocating group tables: done Writing inode tables: done

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information: done


# mount /dev/mapper/kali_persistence /mnt

# echo ”/ union” >/mnt/persistence.conf

# umount /mnt

# cryptsetup luksClose /dev/mapper/kali_persistence

Enter passphrase: Verify passphrase: Command successful.

# cryptsetup luksOpen /dev/sdb3 kali_persistence

Enter passphrase for /dev/sdb3:

# mkfs.ext4 -L persistence /dev/mapper/kali_persistence

mke2fs 1.43-WIP (15-Mar-2016)

Creating filesystem with 7096320 4k blocks and 1774192 inodes Filesystem UUID: 287892c1-00bb-43cb-b513-81cc9e6fa72b Superblock backups stored on blocks:

32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,

4096000


Allocating group tables: done Writing inode tables: done

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information: done


# mount /dev/mapper/kali_persistence /mnt

# echo ”/ union” >/mnt/persistence.conf

# umount /mnt

# cryptsetup luksClose /dev/mapper/kali_persistence


Top OS Cloud Computing at OnWorks: