linux mount an encrypted disk/diskimgfile

最新推荐文章于 2025-06-26 08:26:37 发布

转载最新推荐文章于 2025-06-26 08:26:37 发布 · 1k 阅读

Linux嵌入式系统相关专栏收录该内容

90 篇文章

订阅专栏

本文指导您如何在Fedora/Ubuntu环境下，使用loop-aes进行设备加密，包括准备工作、加密过程和注意事项。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

How can I encrypt a device with loop-aes under Linux?

up vote 2 down vote favorite

Using Fedora/Ubuntu, how can I do it?

asked May 29 '11 at 18:08

LanceBaynes
917 3 25 109

I believe dm-crypt/luks is the preferred method of block device encryption. It's more portable across OSes, and a little easier to recover from lost metadata (since it stores the metadata with the partition). – Keith May 30 '11 at 6:21

1 Answer

active oldest votes

up vote 1 down vote accepted

You need patched kernel, losetup and mount. The package is usually called util-linux, you can get the patches from here. If you don't want to boot from a loop-aes device it's really simple:

# Write 65 lines of random data to keyfile.txt This will be used as a key for
# the data on the disk and your password will be as a key for this file.
# You will need this file and the password to access your data.
# Keep them safe.
gpg -c --cipher-algo aes256 --digest-algo sha512 < keyfile.txt > keyfile.gpg
rm keyfile.txt # Better if you never write this to disk in the first place.
losetup -e aes256 -H sha512 -K keyfile.gpg /dev/loopX /dev/sdXX
mke2fs -t ext4 /dev/loopX
mount /dev/loopX /mnt

# To mount it later
mount -o loop=/dev/loopX,encryption=aes256,hash=sha512,gpgkey=keyfile.gpg /dev/sdXX /mnt

If you want to encrypt the root partition then I recommend reading the extensive documentation. Basically you will need to create an initramfs and store it on an unencrypted boot partition.

You can store the keyfile.gpg (and the boot partition if you decide to encrypt the root) on a removable USB device.