Dangerous Cryptoloop Voodoo
Posted by Eric Stein - March 22, 2008 CE @ 02:27:04 UTC
Today, I wondered whether I could use cryptoloop to encrypt an already existing partition, in place. This could be useful if you have a large hard drive that you want to encrypt, but you don't have anywhere to copy the files as an intermediary. To test the theory that it was possible, I backed up my flash drive and tried. Here goes!
sting ~ # dd if=/dev/sdb1 of=/dev/loop3
1969632+0 records in
1969632+0 records out
1008451584 bytes (1.0 GB) copied, 449.473 s, 2.2 MB/s
sting ~ # losetup -d /dev/loop3
It works. Of course, I make no guarantees that this will work for you. If you're willing to risk it, good luck. Mind you, doing this while the drive is mounted is an even worse idea.
Encrypting
We're using losetup to create a virtual block device piped through the encryption algorithm to the original partition. That's pretty easy.sting ~ # losetup -e aes-256-cbc /dev/loop3 /dev/sdb1
Password:
Password:
Danger, Will Robinson!
This is the dangerous step. We're block by block copying each original block and immediately sending it back through the cryptoloop device, whch encrypts the data and puts it back on the device itself.sting ~ # dd if=/dev/sdb1 of=/dev/loop3
1969632+0 records in
1969632+0 records out
1008451584 bytes (1.0 GB) copied, 449.473 s, 2.2 MB/s
sting ~ # losetup -d /dev/loop3
Using The Device
Now that we've in-place encrypted the device, we can try mounting it again.sting ~ # losetup -e aes-256-cbc /dev/loop3 /dev/sdb1
Password:
sting ~ # mount /dev/loop3 /mnt/flash
sting ~ # cd /mnt/flash
sting flash # ls
helloworld.txt
sting flash #
Password:
sting ~ # mount /dev/loop3 /mnt/flash
sting ~ # cd /mnt/flash
sting flash # ls
helloworld.txt
sting flash #
It works. Of course, I make no guarantees that this will work for you. If you're willing to risk it, good luck. Mind you, doing this while the drive is mounted is an even worse idea.
Last Edited March 23, 2008 CE @ 23:37:22 UTC
Post a Comment