Pic0o

Encrypt stuff guide


This thread will be a collection of resources on how to use encryption, tool use suggestions and where possible, usage explanations.

 

I'm fine with reading technical documents, however I also value time and the ability to convey a point, without a huge time investment. The easier and more clearly encryption can be used, the better everyone will be.

Be it an individual or some sort of state agency / boogeyperson, more layers and protections are a good thing. Having protections does not make one a criminal, either.

 

CryptSetup LUKS guide. There are command syntax examples and console response dialogs.

 

Cryptsetup is nice, as it also handles mounting of drives and partitions. If you are unable to mount a drive, you will likely need to install cryptsetup. This should also work to mount any TAILS persistent volumes you have set up.

For more info on DM-Crypt (cryptsetup), the Arch wiki is a great resource.

 

Samples of flow (1st link)

01 step: install cryptsetup (dm-crypt)

02 step: confirm your drive target and valid partition (gparted or parted to get your /dev/(drive))

03 step: initialize your drive

# cryptsetup -y -v luksFormat /dev/xvdc
(This is setting up your passcode to access drive)

04 step:

# cryptsetup luksOpen /dev/xvdc backup2
(Mounts newly configured drive)

05 step: format the LUKS partition (needless to say, you really want to have the correct drive or you have lost data on the drive you are using)

# dd if=/dev/zero of=/dev/mapper/backup2
(This will take quite some time. Let the cursor do its work, check your HDD LED to confirm activity)

Additional notes:

In the cryptsetup command, you want to target the drive, not just a partition. This is your /dev/sda or something of that sort. Gparted is a graphical utility you can also use (in lieu of ls /dev/sda -l) to check what your devices are.

These tools will work on an Ubuntu 14.04 live cd.

 

Please note the guide has defaults of 256-bit encryption for the target drive. While having this chat, also feel free to review possible attack vectors for your encrypted drive and how information can be read from the encrypted data. This guide is also older, so the more computing power and math you have, the more options present themselves. ;)

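To check what key size a drive formatted with the steps above actually got, the LUKS header can be read directly. The following is an added example, not part of the original posts: it parses a LUKS1 header (the format written by cryptsetup releases of that era; LUKS2 is rejected) and reports the fields that `cryptsetup luksDump` shows. The sample header bytes are constructed for the demonstration.

```python
import struct

# LUKS1 on-disk header, big-endian: fixed fields up to the UUID, then 8 key slots.
_HDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
_SLOT = struct.Struct(">II32sII")
_MAGIC = b"LUKS\xba\xbe"
_SLOT_ENABLED = 0x00AC71F3


def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(blob):
    """Return cipher, key size and active key slots from a LUKS1 header."""
    if len(blob) < _HDR.size + 8 * _SLOT.size:
        raise ValueError("need at least 592 bytes of header")
    (magic, version, cipher, mode, hash_spec, payload_offset, key_bytes,
     _digest, _salt, _iters, uuid) = _HDR.unpack_from(blob)
    if magic != _MAGIC:
        raise ValueError("no LUKS magic: not a LUKS container")
    if version != 1:
        raise ValueError(f"LUKS version {version}: only LUKS1 is parsed here")
    slots = [i for i in range(8)
             if _SLOT.unpack_from(blob, _HDR.size + i * _SLOT.size)[0] == _SLOT_ENABLED]
    key_bits = key_bytes * 8
    # XTS splits the volume key into two halves, so a 256-bit key means AES-128.
    cipher_bits = key_bits // 2 if _text(mode).startswith("xts") else key_bits
    return {
        "cipher": f"{_text(cipher)}-{_text(mode)}",
        "hash": _text(hash_spec),
        "volume_key_bits": key_bits,
        "cipher_key_bits": cipher_bits,
        "payload_offset_sectors": payload_offset,
        "active_slots": slots,
        "uuid": _text(uuid),
    }


def build_sample_header():
    """Constructed header for the demo; not read from a real device."""
    hdr = _HDR.pack(_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 32,
                    bytes(20), bytes(32), 100000,
                    b"00000000-0000-0000-0000-000000000000")
    used = _SLOT.pack(_SLOT_ENABLED, 200000, bytes(32), 8, 4000)
    unused = _SLOT.pack(0x0000DEAD, 0, bytes(32), 0, 4000)
    return hdr + used + unused * 7
```

On a real system, pass the first 592 bytes of the device (for example `open("/dev/xvdc", "rb").read(592)`, run as root) to `parse_luks1_header`.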

Mobile Phones

Android tested on OS 5.1.1. Verizon carrier

Minimum pin lock code changes to 6 char mixed number letter combination. You will need to enter this for reboots and device unlocks. Instant-Lock and other device settings will let you change lock timing requirement for pin entry.

I noted 2 updates post-encryption from carrier. Random note about the VZ store prompt to scan bluetooth and wifi, for the sake of selling you accessories in store radius.

If you want to see some purchaseware, get the Samsung Electronics drivers from their appStore. Remote support tool has a remote access for repair stashed in there too.

 

I hope you are having a nice (oddly warm around these parts), winter December 2015 season :bunny:

Link for Android source info

https://source.android.com/security/encryption/


This is a GUI recap of the original post covering making an encrypted volume over the command line.  I'm adding this for easier sake of understanding and rolling out to less CLI-inclined folks to use.

I like that using this method is a little easier to grasp what is going on through the drive encryption process.  In this guide I'm using Tails 3.0 but you can do this with most any other linux distribution as well.

I'm presuming you have a working Tails or other Live CD / USB device.  The distro of your choice should have a guide available, if you hit any snags.  A CD will be slower to boot but less fiddly to make and have boot properly.

EncryptTails01.png

Booting up Tails, you want to click the Additional Settings button.
Set an Administration Password, since you will need that to make changes to installed disks.
EncryptTails02.png

Confirming your admin password is set, go ahead and click Start Tails.
EncryptTails03.png

Let the OS boot up.  Once it's up, click on the Applications menu on the top left.  Under Utilities, open Disks.
EncryptTails04.png

You should see all the disks installed in said system.
These screencaps are from a Virtual Machine so the single partition 2GB is what will be encrypted.
EncryptTails05.png

Click the Gear Icon to configure the drive.  In this case I'm setting the Volume to Encrypted, compatible with Linux systems (LUKS + ext4).
EncryptTails06.png

Set a name for the volume, then your encryption passphrase.
If you ever want to re-mount and access the contents, you want to know what you set your passphrase to.

EncryptTails07.png

NOTE: Erase existing data should be selected if you previously had data on the drive, as that will still be accessible if it has not been overwritten by your new files (old data will live in the unused space until overwritten).
This will increase the time to format the drive but will overwrite the prior data.  Suggested to Full erase on your physical drive(s), despite my not doing it for this VM guide.

Click Format.  Once it's finished you should see your encrypted volume with a vertical split.  LUKS being the top layer and ext4 below it, when your passphrase is entered correctly and the volume is mounted.
EncryptTails08.png

Go to Places, then Other Locations.  You should see your newly configured encrypted volume, represented with an unlocked padlock icon.
If you see a locked one, try to open the drive and it will ask for your passphrase, then unlock the drive and mount it.
EncryptTails09.png

For security concerns, unmount the drive when not in use.  If your machine gets compromised somehow and you left the encrypted drive mounted, the encryption is irrelevant since you essentially left the keys in the lock.  I say this, depending on your concerns to someone gaining remote or local access to your machines and data.

Jolly encrypting!
