How to Create an Encrypted Container in Linux for Cloud Storage

How to Create an Encrypted Container in Linux to Use on Cloud Storage ServicesGreetings Cybrarians.This is my first publication, and we will learn how to secure our content when we are using a third party service for Cloud Storage (i.e. Dropbox).We can use this technique for local encryption too.Of course, we have to know that the best solution is out there and its name is Open Source, like ownCloud, nextCloud, etc.But if we don't have the hardware, the knowledge or the time to build and maintenance our cloud and we are using closed source third party software like Dropbox, it's a good practice to keep our sensitive data encrypted in the Cloud and unencrypted local only.This tutorial has created, tested, and it's working on Ubuntu 16.04 LTS, but it's expected to work on any other Linux Distribution.We will use cryptsetup, a tool that it is not preinstalled in Ubuntu.

Module Check and Installation

First, we should check for the right module if it's loaded.If we have an output, we can proceed. If not, we should load the module with the following commandLet's install cryptsetup now with the following command:

Creating the File Container

With the following command, we will create a File Container of 1GB size. In there we can create and store files and folders of our interest, usually sensitive data we don't want others to have access.Now we will encrypt the "PRIVATE" File (container) with cryptsetup.We answer "Yes" at Warning and we write the passphrase twice. We can see information about the encrypted space we just created, with the following command:Example Results:

Opening the container and creating the filesystem

To create and store files and folders, we have to create a filesystem. That's the magic here. We will use a simple file (PRIVATE) as a container with a filesystem in where we can store other files and folders.To do that we have to open the container with the following command:cryptsetup needs administrative (sudo-root) privileges to work.We need to specify a NAME for the unencrypted space to be opened.Here we use the name DECRYPTED.Keep in mind that in Linux capital letters are different than small.Now we have our space attached under /dev/mapper/DECRYPTEDExample Output:See here that it asks for our passphrase, the one we have created earlier.Now we can create our filesystem, and I prefer the well tested and reliable ext4.

Mounting the Container

From now on, we can mount the unencrypted device (the one under /dev/mapper/)Let's see if it has anything inside.What we should see is the standard lost+found directory.

Unmounting and Closing the Container

When we have done with our files and folders inside the (unencrypted) container, we should use the following commands to unmount and close the container properly.Of course /mnt is not an excellent place to mounting our (unencrypted) container. Better would be to create a directory somewhere with properly rights, meaning only WE have access.The only thing we can do now is to move the closed (encrypted) file (container) named PRIVATE to our Dropbox (we took Dropbox here as an example) directory.

How the synchronization works.

We can see that while the container is unencrypted and mounted Dropbox won't sync any data even if we create a new folder, moving or removing files, etc.Dropbox doesn't see the unencrypted storage at all.When we finish and unmount the unencrypted storage (/dev/mapper/...), then after we close it properly (we saw the command above) we will see Dropbox is starting to synchronize the data.What it does is indexing the file (PRIVATE) for any changes and writing the encrypted metadata in it.

Summary

What we did in this tutorial is:1. We created a large file 1GB in size.2. We formatted the file with cryptsetup to use it as an encrypted container.3. We created a filesystem, and we converted the file to a container.4. We opened and mount the container (now we can store our data)5. We unmounted and closed the container properly.