Setting up an encrypted ext4 disk image with dm_crypt

This post was written by eli on September 16, 2010
Posted Under: Linux

This script turns the file given as its argument into an encrypted, ext4-formatted disk image.

After this, you can do something like:

losetup /dev/loop0 /storage/diskimages/thefile
cryptsetup luksOpen /dev/loop0 myfakedisk
mount /dev/mapper/myfakedisk /path/to/mountpoint

And then close with

umount /path/to/mountpoint
cryptsetup luksClose myfakedisk
losetup -d /dev/loop0

The operations above and the script below must be run as root. This means that you can mess things up heavily, including wiping your disk, if you don’t know what you’re doing or because of a mistake of mine. Be sure you’ve proofread the script below, and that you know what you’re doing. Don’t blame me, even if I got the script wrong.

If you ever think about modifying this script, please note that the most dangerous scenario is that the script, for some reason, fails to bind the image file to the loop device because the device is bound to something else, but goes on anyhow. In that case, it will really wipe important data without any warning. Note the first “if” statement. That’s where the pudding lies.

#!/bin/bash

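# Usage (as root!): make_enc_ext4.sh imagefile

# First free loop device, and a mapper name unique to this run
myloop=$(losetup -f)
mymapper=temporary_$$

# Bind the image file to the loop device. Nothing destructive may run
# unless this succeeds.
if losetup "$myloop" "$1" ; then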
  echo Using loop device $myloop
  echo ALL DATA IN $1 WILL BE LOST  

  if ! cryptsetup luksFormat $myloop ; then
    echo Did not set up LUKS on image
    losetup -d $myloop
    exit 1;
  fi

  echo Now mapping the encrypted loop device. Enter the same passphrase

  if ! cryptsetup luksOpen $myloop $mymapper ; then
    echo Failed to map the image. Probably you entered the passphrase
    echo wrong. Just run this script again.
    losetup -d $myloop
    exit 1;
  fi

  echo $myloop is now mapped to $mymapper

  if ! mkfs.ext4 /dev/mapper/$mymapper ; then
    echo Failed to create an ext4 filesystem on the image

    cryptsetup luksClose $mymapper
    losetup -d $myloop
    exit 1;
  fi

  if ! tune2fs -c 0 -i 0 /dev/mapper/$mymapper ; then
    echo Failed to cancel automatic fsck on the disk
  fi

  cryptsetup luksClose $mymapper

  echo Done. You should now be able to do something like
  echo losetup $myloop $1
  echo cryptsetup luksOpen $myloop myfakedisk
  echo mount /dev/mapper/myfakedisk /path/to/mountpoint
  echo Then close with
  echo umount /path/to/mountpoint
  echo cryptsetup luksClose myfakedisk
  echo losetup -d $myloop
else
  echo Failed to set up loop device for file \"$1\"
  exit 1;
fi

losetup -d $myloop
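
The danger described before the script (formatting a loop device that is actually bound to something other than the image) can also be checked explicitly before anything destructive runs. The following is an added example, not part of the original script: it asks the kernel, through sysfs, which file backs the loop device and compares that with the image. The function names and the SYSFS_ROOT variable are assumptions made for this example.

```shell
#!/bin/bash
# Added example: refuse to continue unless the loop device is really backed
# by the intended image file. SYSFS_ROOT is a hypothetical override so the
# check can be exercised without root; on a real system it stays /sys.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# loop_backs_image LOOPDEV IMAGEFILE
# Returns 0 only if the kernel reports IMAGEFILE as LOOPDEV's backing file.
loop_backs_image() {
  local loopdev image name attr backing want
  loopdev="$1"
  image="$2"
  name="${loopdev##*/}"                        # /dev/loop0 -> loop0
  attr="$SYSFS_ROOT/block/$name/loop/backing_file"
  [ -r "$attr" ] || return 1                   # device is not bound at all
  backing="$(cat "$attr")"
  want="$(readlink -f "$image")" || return 1   # resolve symlinks, relative paths
  # A deleted backing file is reported with a " (deleted)" suffix and
  # therefore never matches.
  [ -n "$want" ] && [ "$backing" = "$want" ]
}

# attach_image IMAGEFILE
# Lets losetup pick a free loop device and bind it in one step, then verifies
# the binding. Prints the device name on success.
attach_image() {
  local image dev
  image="$1"
  [ -f "$image" ] || { echo "Not a regular file: $image" >&2; return 1; }
  dev="$(losetup --show -f "$image")" || return 1
  if ! loop_backs_image "$dev" "$image"; then
    echo "Refusing to continue: $dev is not backed by $image" >&2
    losetup -d "$dev"
    return 1
  fi
  echo "$dev"
}
```

In the script above, `myloop=$(attach_image "$1") || exit 1` would take the place of the `losetup -f` lookup and the first “if”.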

Reader Comments

Rockin’!

As best I can tell, all the typos are in the description :-)

Add to “And then close with”:
umount /path/to/mountpoint
as the first command.

To create an image, something like:
truncate -s 500m /path/to/file/thefile

#1 
Written By Brian Excarnate on December 22nd, 2012 @ 01:15

Thanks for that comment. I’ve added the umount I forgot previously, and I wasn’t actually aware of the truncate command, so thanks for it!

#2 
Written By eli on December 22nd, 2012 @ 01:49
