1

I have an Ubuntu server 20.4 installed in Virtual Box. I wanted to make a Virtual Hard Drive. So I made an Image to Hold Virtual Drive Volume and formated the EXT4 file system type in the image file with these commands.

  • sudo dd if=/dev/zero of=VHD.img bs=1M count=1200
  • mkfs -t ext4 VHD.img

After, I mounted the image file in the/mnt directory with this.

  • mount -t auto -o loop VHD.img /mnt

This is the output of the df -HT command.

udev                              devtmpfs  469M     0  469M   0% /dev
tmpfs                             tmpfs     103M  1.1M  102M   2% /run
/dev/mapper/ubuntu--vg-ubuntu--lv ext4       22G  5.6G   15G  29% /
tmpfs                             tmpfs     515M  1.2M  514M   1% /dev/shm
tmpfs                             tmpfs     5.3M     0  5.3M   0% /run/lock
tmpfs                             tmpfs     515M     0  515M   0% /sys/fs/cgroup
/dev/loop0                        squashfs   74M   74M     0 100% /snap/lxd/21029
/dev/loop1                        squashfs   59M   59M     0 100% /snap/core18/2128
/dev/loop3                        squashfs   34M   34M     0 100% /snap/snapd/12883
/dev/loop2                        squashfs   34M   34M     0 100% /snap/snapd/12704
/dev/sda2                         ext4      1.1G  112M  842M  12% /boot
/dev/loop4                        ext4      482M  775k  445M   1% /mnt   # Image I mounted

Now I can access the /mnt directory and work with it. But I want this drive to be encrypted with a password. Meaning that when the user(even root) tries to mount it,a password must be specified in order to mount the image. My final goal is to have an image file encrypted with a password and with a size of over 400MB.

Improve this question
3
  • You likely want to use LUKS to encrypt loop4/VHD.img - the typical layering is block device -> LUKS -> EXT4. You dont specify a password to mount the image, you specify it to create an unencrypted block device as an abstraction of the encrypted one (by using LUKS to unlock it)
    – davidgo
    Commented Sep 16, 2021 at 10:21
  • An alternative (which is not as secure) would be to use something like ecryptfs to do fole level encryption by abstracting the ext4 filesystem. Tjis is not Fill Disk Encryption though.
    – davidgo
    Commented Sep 16, 2021 at 10:25
  • Actually, I am very new to this field and I am afraid I am a bit confused about what you are talking about. Would it be okay if I ask you for a simpler explanation? I have heard about LUKS but never used it before. It would be helpful if you can give me the steps to solve this.
    – Kavishka Gihan
    Commented Sep 16, 2021 at 10:27

2 Answers 2

Reset to default
1

A simple solution would be to use the free and open-source VeraCrypt.

It supports full-disk encryption, but also encrypted containers. A container looks like a file that requires a password for mounting, so can be used cross-platform (select for that a cross-platform file-system format).

You will find documentation on the VeraCrypt site, but also many articles on the internet.

Improve this answer
1
  • I did some research. But from all the articles I found, they were talking about either encrypting an already existing disk or creating a new encrypted disk which didn't give what I want. I just need to encrypt the image file so that when anyone tries to mount it, it prompts for a password.
    – Kavishka Gihan
    Commented Sep 16, 2021 at 11:07
1

Actually, using LUCKS worked best for me. I found this article which walks you through the whole process.

http://freesoftwaremagazine.com/articles/create_encrypted_disk_image_gnulinux/

The steps I used were:

  • First create an empty image. fallocate -l 512M enc.iso
  • Then encrypt it with cryptsetup. cryptsetup -y luksFormat enc.iso
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .