Hardware Reference
In-Depth Information
1. First, we need to create an empty file to hold our vault. Here you'll have
to decide how much storage space to allocate to your vault. Once created,
you won't be able to increase the size, so think about what kind of files you
plan to store and their average size. Use the following command but replace
[size]
with the number of megabytes you'd like to allocate:
pi@raspberrypi ~ $ dd if=/dev/zero of=~/myvault.vol bs=1M
count=[size]
2. Next, we'll create an encrypted filesystem inside the
myvault.vol
ile
compatible with a platform-independent standard called
Linux Unified Key
Setup (LUKS)
. We'll specify
-t vfat
to get a FAT32 filesystem that can be
accessed under Windows. If you don't intend to move the container, you may
prefer
ext4
:
pi@raspberrypi ~ $ sudo luksformat -t vfat ~/myvault.vol
Since formatting something will overwrite whatever was there before, even
though it's just a single file in this case, you'll be prompted with a warning
and will have to type
YES
in all caps to initiate the process. Next, you'll be
asked (three times) for a password that will be required to unlock your vault.
You can safely ignore the warning from
mkfs.vfat
about drive geometry.
3.
If you're curious about the encryption in use on your vault, you can type the
following command to get a detailed report:
pi@raspberrypi ~ $ sudo cryptsetup luksDump ~/myvault.vol
You'll see that
cryptsetup
uses
AES
encryption by default and that the
LUKS format actually allows multiple passwords to unlock your vault as
displayed by the
Key Slots
. Type
cryptsetup --help
to get a list of possible
actions that can be performed on your vault.
4.
Now that the vault has been created, let's see how we would use it. First we
need to unlock it with the following command:
pi@raspberrypi ~ $ sudo cryptsetup luksOpen ~/myvault.vol myvault
Once you've entered the correct password, your vault will be made available
in
/dev/mapper
under the name we've specified at the end of the line,
/dev/
mapper/myvault
in this case. You can now use this device as if it was a regular
attached hard disk.
5.
The next step is to mount the vault under a directory in
/home/pi
for easy
access. Let's create the directory first:
pi@raspberrypi ~ $ mkdir ~/vault
