Skip to content
This repository has been archived by the owner on Jan 24, 2018. It is now read-only.

Home

Jump to bottom
nathanfreitas edited this page Mar 11, 2011 · 47 revisions

##What is this?

LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not only facilitate compatibility among distributions, but also provides secure management of multiple user passwords. In contrast to existing solution, LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

This project is the port of LUKS to Android.

##Reference

Credit and a big thanks to the original hackers on this effort

Build Steps

  • set up the Android NDK on your computer
  • install required software: sudo apt-get install autoconf automake libtool autopoint git make patch
  • get the sources: git clone git://github.com/guardianproject/LUKS.git
  • cd LUKS/external
  • make NDK_ROOT=/usr/local/android-ndk-r5 (or change the path to where you put the folder)
  • adb push sbin/cryptsetup.static /data/local/cryptsetup
  • For more info, read the README

Or you can download our binary: cryptsetup (right-click and download)

##Usage

NexusOne/CM6.1 as root... creating a 50 megabyte "secretagentman.mp3" file on the sdcard to store our encrypted file system. The commands below can be issues via adb shell or terminal and require root permission. We are working on a GUI.

Comments from a reader below: /* nice instructions on the wiki, two things tho: “dd if=/dev/zero of=/mnt/sdcard/secretagentman.mp3 bs=1M count=50000000″ this creates a 50 TB file on the sdcard. you can see where this would be problematic and: “Change the permissions to root read only on the hidden file /mnt/sdcard/.temp.file” nice idea, sadly the sdcard is fat32, which doesn’t support unix-style permissions… */

First Time Setup

  1. dd if=/dev/zero of=/mnt/sdcard/secretagentman.mp3 bs=1M count=50000000
  2. mknod /dev/loop0 b 7 0
  3. losetup /dev/loop0 /mnt/sdcard/secretagentman.mp3
  4. ./cryptsetup luksFormat -c aes-plain /dev/loop0
  5. ./cryptsetup luksOpen /dev/loop0 secretagentman
  6. ./cryptsetup status secretagentman
  7. mke2fs -O uninit_bg,resize_inode,extent,dir_index -L DroidCrypt0 -FF /dev/mapper/secretagentman
  8. mkdir /mnt/sdcard/secretagentman
  9. mount /dev/mapper/secretagentman /mnt/sdcard/secretagentman

Just to Mount Existing

  1. mknod /dev/loop0 b 7 0
  2. losetup /dev/loop0 /mnt/sdcard/secretagentman.mp3
  3. ./cryptsetup luksOpen /dev/loop0 secretagentman
  4. mount /dev/mapper/secretagentman /mnt/sdcard/secretagentman

To Unmount and close

  1. umount /mnt/sdcard/secretagentman
  2. ./cryptsetup luksClose secretagentman

To delete secured image

  1. First umount and close (see above)
  2. rm /mnt/sdcard/secretagentman.mp3

Ways to improve security of file and mount directory

  • Store the file and folder as hidden files: /mnt/sdcard/.temp.file and the mount point /mnt/sdcard/.temp
  • Change the permissions to root read only on the hidden file /mnt/sdcard/.temp.file
Clone this wiki locally