
Creating a Kali Linux flash drive with Encrypted Persistence

This article describes how to create a bootable Kali Linux flash drive with an encrypted partition that stores all system settings, installed programs and data. Encryption uses the AES algorithm with a 256-bit key (you can customize the encryption by studying the cryptsetup command).

1. Creating a bootable flash drive


To write the image, use Rufus. Select the device to which the image will be written, then select the system ISO image and choose DD Image from the drop-down list.

After the image is deployed, the partition structure of the flash drive will look as follows:

Partition structure:

- 2.80 GB - Kali Linux system image;
- 102 MB - bootloader;
- 11.42 GB - unallocated area to be used for encryption.

2. Creating an encrypted partition and setting its parameters


Boot from the flash drive and select the Live (686-pae) menu item.

Start the terminal and run the gparted command to start the partition editor.

In the window that opens, select the USB flash drive from the drop-down list.

Next, select the unallocated disk space and create a new partition (ext4).

After creating the partition, open the terminal and run the command fdisk -l | grep /dev/ to display the available devices. We are interested in the device /dev/sdb3.

To encrypt the partition, run the command cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3, then enter YES.

After that, the program will ask you to enter the password with which the partition will be encrypted and to confirm it.

Open the encrypted partition with the command cryptsetup luksOpen /dev/sdb3 usb_part_open and enter the password. The partition is mapped as a device named usb_part_open.

Run fdisk -l | grep /dev/ again and make sure the device /dev/mapper/usb_part_open is present.

Fill the device with random numbers, pseudo-random numbers or zeros by running one of the following commands, at your discretion:

- dd if=/dev/random of=/dev/mapper/usb_part_open - fills the device with random numbers. The operation takes a long time (days);

- dd if=/dev/urandom of=/dev/mapper/usb_part_open - fills the device with pseudo-random numbers. The operation takes a long time (hours);

- dd if=/dev/zero of=/dev/mapper/usb_part_open - fills the device with zeros.

Format the randomly filled partition with the mkfs.ext4 /dev/mapper/usb_part_open command.

Label the partition “persistence” with the command e2label /dev/mapper/usb_part_open persistence.

Mount this partition to a previously created folder, for example /mnt/usb_part, with mount /dev/mapper/usb_part_open /mnt/usb_part (in new versions of the system this command is usually not required: the partition is mounted automatically after formatting and appears in the file manager).

Create a configuration file in the root of the encrypted partition using the echo "/ union" > /mnt/usb_part/persistence.conf command.

Close the encrypted partition with the cryptsetup luksClose /dev/mapper/usb_part_open command.

Reboot the system and boot into Live USB Encrypted Persistence.

During boot, you will need to enter the password for the encrypted partition (the characters are not displayed as you type).

Creation of the encrypted system is complete.

3. Functional check


When you first boot the OS in Encrypted Persistence mode, system files and folders are created on the encrypted partition. To view them, follow these steps:

- Restart the system in unencrypted Live (686-pae) mode.

- Open the encrypted partition as a device using the command cryptsetup luksOpen /dev/sdb3 usb_part_open.

- Open the file manager and select the connected persistence device. You will see the previously created persistence.conf configuration file and system folders. The rw folder holds the encrypted system we boot into, so all changes made to the system while running in encrypted mode are saved in the rw folder.

If you boot in normal (unencrypted) mode, after the reboot, all changes and files are deleted.
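
The same check can be made from the terminal. The script below is an added example, not part of the original article: it confirms that a partition (or image file) starts with a LUKS header and that persistence.conf contains a usable "/ union" entry. The function names, the rule for rejecting lines and the constructed sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original article: read-only checks for the two
# artifacts the procedure produces. Function names are this example's own.

# Print the LUKS version (1 or 2) if FILE starts with a LUKS header, i.e. the
# magic bytes "LUKS" 0xBA 0xBE followed by a big-endian 16-bit version.
# FILE may be the raw partition (/dev/sdb3 in the article) or an image file.
luks_version() {
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Succeed only if persistence.conf has a "/ union" entry and no line whose
# first field is not an absolute path (assumption of this example: such a
# line is a typo, e.g. typographic quotes pasted into the echo command).
check_persistence_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }             # blank line or comment
        $1 !~ /^\//          { bad = 1; next }    # first field must be a path
        $1 == "/" && index("," $2 ",", ",union,") { ok = 1 }
        END { exit !(ok && !bad) }
    ' "$1"
}

# Constructed sample data: an 8-byte LUKS2 header stub and three config files.
demo() {
    d=$(mktemp -d) || return 1
    printf 'LUKS\272\276\000\002' > "$d/part.img"
    printf '/ union\n' > "$d/good.conf"
    printf '\342\200\234/ union\342\200\235\n' > "$d/quoted.conf"   # typographic quotes
    printf '/union\n' > "$d/nospace.conf"
    echo "part.img: LUKS version $(luks_version "$d/part.img")"
    for f in good quoted nospace; do
        if check_persistence_conf "$d/$f.conf"; then r=ok; else r=REJECTED; fi
        echo "$f.conf: $r"
    done
    rm -rf "$d"
}
demo
```

On the flash drive itself, run luks_version /dev/sdb3 as root, and run check_persistence_conf on the persistence.conf file of the opened and mounted partition.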

Thank you for your attention!

Source: https://habr.com/ru/post/320302/

