HOWTO : Encrypt/Decrypt BackTrack 5 R2 with USB stick

Credit to : Hak5.org



Step 1 :



To identify the devices and list their partition tables :



sfdisk -l /dev/sda

sfdisk -l /dev/sdc




*** Where sda is my hard drive and sdc is the USB stick



Step 2 :



To delete the existing partition and create a single primary Linux partition on each device :



fdisk /dev/sda

d

n

p

1

p

w




fdisk /dev/sdc

d

n

p

1

p

w




Step 3 :



dd if=/dev/sdc bs=1 count=64 skip=32 of=/tmp/first.key



cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sda1 /tmp/first.key



cryptsetup -d /tmp/first.key luksOpen /dev/sda1 mylaptop



ls /dev/mapper




Step 4 :



mkfs.ext2 /dev/sdc1



mkfs.ext4 /dev/mapper/mylaptop




*** Where mylaptop is the device-mapper name given to luksOpen in Step 3.



Step 5 :



Install BackTrack 5 R2 as usual. However, do not format the partitions. Select /dev/mapper/mylaptop as ext4 and /. Then, select /dev/sdc1 as ext2 and /boot.



After that, make sure the bootloader is installed at /dev/sdc.



Step 6 :



Once the installation is completed, select "Continue testing" and do not reboot.



dd if=/dev/sdc bs=1 count=64 skip=32 of=/tmp/second.key



Make sure the keys are different.



sha1sum /tmp/*key



Step 7 :



cryptsetup -d /tmp/first.key luksAddKey /dev/sda1 /tmp/second.key



mkdir /mnt/mylaptop



mount /dev/mapper/mylaptop /mnt/mylaptop/

mount /dev/sdc1 /mnt/mylaptop/boot



chroot /mnt/mylaptop/



mount -t proc proc /proc

mount -t sysfs sys /sys/




Step 8 :



nano /etc/crypttab



blkid /dev/sda1



Add the following line to /etc/crypttab, using the UUID that blkid reports for /dev/sda1 :

mylaptop /dev/disk/by-uuid/ none luks



nano /etc/fstab



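Add the following line to /etc/fstab (the USB stick is /dev/sdb when the system boots from it, as in Step 9) :

/dev/sdb1 /boot ext2 defaults 0 2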




Step 9 :



After that, boot BackTrack 5 R2 from the USB stick. It will drop to the BusyBox shell.



At the BusyBox prompt, enter the following commands to unlock the partition. You are required to enter these commands on every boot.



dd if=/dev/sdb bs=1 count=64 skip=32 of=/tmp/mykey.key



cryptsetup -d /tmp/mykey.key luksOpen /dev/sda1 mylaptop




Then press Ctrl-D to continue the boot process.



Step 10 :



After the system has booted, create a swap file.



dd if=/dev/zero of=/swapfile1 bs=1M count=512



* Where bs=1M count=512 gives a 512 MB swap file



mkswap /swapfile1

chown root:root /swapfile1

chmod 0600 /swapfile1



swapon /swapfile1



nano /etc/fstab



/swapfile1 swap swap defaults 0 0




Then reboot the system.



Remarks :



You are required to enter these commands on every boot up.



dd if=/dev/sdb bs=1 count=64 skip=32 of=/tmp/mykey.key



cryptsetup -d /tmp/mykey.key luksOpen /dev/sda1 mylaptop
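
A check for the key slice read in Steps 3, 6 and 9, added here as an example and not part of the original HOWTO: it reads the same 64 bytes at offset 32 and flags a slice that is short or nearly constant (for example from a zeroed first sector) before it is used with luksFormat or luksAddKey. The image files, the function names and the 16-distinct-byte threshold are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. The *.img files are constructed stand-ins for /dev/sdc.

# Read the slice the HOWTO uses as key material: 64 bytes at byte offset 32.
extract_key() {                      # extract_key <device-or-image> <keyfile>
    ( umask 077; dd if="$1" bs=1 count=64 skip=32 of="$2" 2>/dev/null )
}

# Count the distinct byte values in a file.
distinct_bytes() {
    od -An -v -tx1 "$1" | tr -s ' ' '\n' | grep . | sort -u | wc -l | tr -d ' '
}

# Print "short" (not 64 bytes), "weak" (too few distinct bytes) or "ok".
# MIN_DISTINCT is an assumed heuristic threshold, not a cryptsetup rule.
key_status() {
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -ne 64 ]; then echo short
    elif [ "$(distinct_bytes "$1")" -lt "${MIN_DISTINCT:-16}" ]; then echo weak
    else echo ok
    fi
}

# True when two key files are byte-identical (silent form of the sha1sum check).
same_key() { cmp -s "$1" "$2"; }

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
# Constructed: wiped stick (first sector all zeros).
dd if=/dev/zero    of="$d/wiped.img"  bs=512 count=1 2>/dev/null
# Constructed: stick with arbitrary data in its first sector.
dd if=/dev/urandom of="$d/before.img" bs=512 count=1 2>/dev/null
# Constructed: same stick after its first 128 bytes were rewritten,
# standing in for the bootloader installation in Step 5.
cp "$d/before.img" "$d/after.img"
dd if=/dev/urandom of="$d/after.img" bs=1 count=128 conv=notrunc 2>/dev/null
# Constructed: image shorter than offset 32 + 64, so the read comes up short.
dd if=/dev/urandom of="$d/short.img" bs=1 count=40 2>/dev/null

for n in wiped before after short; do
    extract_key "$d/$n.img" "$d/$n.key"
    echo "$n: $(key_status "$d/$n.key")"
done
if same_key "$d/before.key" "$d/after.key"; then
    echo "keys identical: Step 7 would add nothing new"
else
    echo "keys differ: both must be enrolled, as in Step 7"
fi
```

On a real system the first argument to extract_key would be the USB device, and a "weak" or "short" result means the slice should not be used as the LUKS key file.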




See Also : HOWTO : Encrypt/Decrypt BackTrack 5 R2 with Passphrase



That's all! See you.