---
tags: ccdc, NCCDC2019
---

# Image Files and Encryption ~ Linux

## Image Files

``` bash
# Create a 12 MiB blank image file
dd if=/dev/zero of=test.img bs=1M count=12 && sync
# or
fallocate -l 12M test.img

# If you just need one partition
mkfs.ext4 test.img
# or
mkfs.fat test.img

# List loop devices in use
losetup -l

# Map image file to an available loop device
losetup /dev/loop0 test.img

# Start gparted to partition the device
gparted /dev/loop0
# or start fdisk to partition the device
fdisk /dev/loop0

# When done, release the loop device
losetup -d /dev/loop0
```

## Encryption ~ LUKS

### Create Encrypted Volume

``` bash
# Ensure cryptsetup is installed
# If not:
# On RHEL or CentOS, run:
yum install cryptsetup-luks
# On Ubuntu or Debian, run:
apt-get install cryptsetup

# Then, once the drive or image file is mapped to a device: /dev/wxyz
# Create space for encryption; this will erase everything
cryptsetup -y -v luksFormat /dev/wxyz
# On completion your graphical environment may prompt you for a password.
# If so, enter it; if not, run:
```

### Open Encrypted Volume

``` bash
cryptsetup luksOpen /dev/wxyz backup2
# Enter passphrase for /dev/wxyz:
ls -l /dev/mapper/backup2
# lrwxrwxrwx 1 root root 7 Oct 19 19:37 /dev/mapper/backup2 -> ../dm-0

# First use only: create a filesystem on the opened mapping
mkfs.ext4 /dev/mapper/backup2

# Mount the opened mapping, not the raw encrypted device:
mount /dev/mapper/backup2 /path/to/mount/point

# Unmount, then close the mapping so the decrypted view is removed:
umount /path/to/mount/point
cryptsetup luksClose backup2
```

### Check Statuses

``` bash
cryptsetup -v status backup2

# Use the cryptsetup luksDump command to check that the device
# has been formatted for encryption successfully:
cryptsetup luksDump /dev/wxyz
```

### Resources

#### Cracking:

https://articles.forensicfocus.com/2018/02/22/bruteforcing-linux-full-disk-encryption-luks-with-hashcat/

#### Setup:

https://www.ibm.com/support/knowledgecenter/en/SS6PEW_10.0.0/com.ibm.help.security.dimeanddare.doc/security/t_security_settingupluksencryption.html
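
Because `luksFormat` erases whatever the target holds, it helps to look at the target first. The following is an added example, not part of the original notes: a pre-flight check that reads the on-disk signatures of LUKS1/LUKS2, ext2/3/4 and FAT/MBR from an image file or device without needing root on a plain file. The function names (`hex_at`, `probe_image`, `safe_to_format`, `make_sample_luks2`) are hypothetical, and the sample image is constructed.

```shell
#!/bin/sh
# Added example: classify what an image file or device currently holds
# before running the destructive luksFormat step.

# Print $2 bytes starting at byte offset $1 of file $3 as lowercase hex.
hex_at() {
    dd if="$3" bs=1 skip="$1" count="$2" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Echo one of: luks1, luks2, ext, fat-or-mbr, blank, unknown
probe_image() {
    img=$1
    [ -r "$img" ] || { echo "unreadable"; return 1; }
    # LUKS magic is "LUKS" 0xBA 0xBE followed by a big-endian 16-bit version.
    case "$(hex_at 0 8 "$img")" in
        4c554b53babe0001) echo luks1; return 0 ;;
        4c554b53babe0002) echo luks2; return 0 ;;
    esac
    # ext2/3/4: superblock at byte 1024, magic 0xEF53 (little-endian) at byte 1080.
    if [ "$(hex_at 1080 2 "$img")" = "53ef" ]; then echo ext; return 0; fi
    # A FAT boot sector and an MBR partition table both end sector 0 with 55 AA.
    if [ "$(hex_at 510 2 "$img")" = "55aa" ]; then echo fat-or-mbr; return 0; fi
    # First 4 KiB all zero: looks like a fresh dd if=/dev/zero image.
    if [ -z "$(hex_at 0 4096 "$img" | tr -d '0')" ]; then echo blank; return 0; fi
    echo unknown
}

# Return 0 only when the target looks empty, i.e. nothing would be lost
# by handing it to luksFormat.
safe_to_format() {
    [ "$(probe_image "$1")" = "blank" ]
}

# Constructed sample: a 64 KiB zeroed image with a LUKS2 magic written into it.
make_sample_luks2() {
    dd if=/dev/zero of="$1" bs=1024 count=64 2>/dev/null
    printf 'LUKS\272\276' | dd of="$1" conv=notrunc 2>/dev/null
    printf '\002' | dd of="$1" bs=1 seek=7 conv=notrunc 2>/dev/null
}
```

Anything other than `blank` means the target already carries data or an existing LUKS header, so confirm it is the intended device before formatting.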