This time we will explain how to generate a password-protected file using LUKS, which is very useful because it is not necessary to encrypt the entire device and can be used for other purposes.
Install the necessary software.
emerge sys-fs/cryptsetup
Generate a 50GB file with random data:
dd if=/dev/urandom of=ciphered_file bs=1G count=50 iflag=fullblock
Format it as “luks” and assign a password:
cryptsetup –hash=sha256 –key-size=512 –verify-passphrase luksFormat ciphered_file
WARNING!:
This will overwrite the data in ciphered_file2 irreversibly.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Get file info:
cryptsetup luksDump ciphered_file
Decrypt by generating the decrypted file:
cryptsetup luksOpen ciphered_file unciphered
Create the file system and mount it:
mkfs.ext4 /dev/mapper/unciphered
mkdir /mnt/unciphered
mount /dev/mapper/unciphered /mnt/unciphered
mkdir /mnt/unciphered
mount /dev/mapper/unciphered /mnt/unciphered
We can automate the mounting process using sudo:
vi /home/kr0m/.scripts/luks
#! /bin/bash
sudo /sbin/cryptsetup luksOpen /home/kr0m/ciphered_file unciphered
sudo /bin/mount /dev/mapper/unciphered /home/kr0m/unciphered
chmod 700 /home/kr0m/.scripts/luks
visudo
visudo
kr0m ALL=(ALL) NOPASSWD:/sbin/cryptsetup luksOpen /home/kr0m/ciphered_file unciphered
kr0m ALL=(ALL) NOPASSWD:/bin/mount /dev/mapper/unciphered /home/kr0m/unciphered
vi /etc/local.d/luks.stop
#! /bin/bash
umount /home/kr0m/unciphered
cryptsetup luksClose unciphered
chmod 700 /etc/local.d/luks.stop