[Image description:
Screenshot of terminal output:

~ ❯ lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda              8:0    1  62.5M  0 disk  
└─topLuks      254:2    0  60.5M  0 crypt 
  └─bottomLuks 254:3    0  44.5M  0 crypt

/end image description]

I had no idea!

If anyone else is curious, it’s pretty much what you would expect:

cryptsetup -y -v luksFormat /dev/sda
cryptsetup open /dev/sda topLuks
cryptsetup -y -v luksFormat /dev/mapper/topLuks
cryptsetup open /dev/mapper/topLuks bottomLuks
lsblk

Then you can make a filesystem and mount it:

mkfs.ext4 /dev/mapper/bottomLuks
mount /dev/mapper/bottomLuks ~/mnt/embeddedLuksTest

I’ve tested putting files on it and then unmounting & re-encrypting it, and the files are indeed still there upon decrypting and re-mounting.

Again, sorry if this is not news to anyone else, but I didn’t realise this was possible before, and thought it was very cool when I found it out. Sharing in case other people didn’t know and also find it cool :)
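The reverse step (locking the stack again) has to go innermost-first, because device-mapper will not remove topLuks while bottomLuks is still open on top of it. The following is an added example, not part of the original post: it reads `lsblk --json` output and derives the unmount and `cryptsetup close` order. The sample JSON is constructed and trimmed from the layout shown above, and the mount path and the `teardown_plan` name are assumptions.

```python
import json
import shlex

# Constructed sample: trimmed `lsblk --json` output for the stack in the post,
# with the inner mapping mounted (the absolute mount path is an assumption).
SAMPLE = json.dumps({"blockdevices": [{
    "name": "sda", "type": "disk", "mountpoints": [None],
    "children": [{
        "name": "topLuks", "type": "crypt", "mountpoints": [None],
        "children": [{
            "name": "bottomLuks", "type": "crypt",
            "mountpoints": ["/home/user/mnt/embeddedLuksTest"],
        }],
    }],
}]})


def teardown_plan(lsblk_json, disk):
    """Return the commands that lock every LUKS layer on `disk`, innermost first."""
    tree = json.loads(lsblk_json)
    root = next((d for d in tree["blockdevices"] if d["name"] == disk), None)
    if root is None:
        raise ValueError(f"{disk} not found in lsblk output")

    plan = []

    def walk(node):
        # Post-order walk: children are handled before the node itself,
        # since a mapping that still backs another device cannot be closed.
        for child in node.get("children", []):
            walk(child)
        for mnt in node.get("mountpoints") or []:
            if mnt:  # lsblk reports [null] when nothing is mounted
                plan.append(["umount", mnt])
        if node["type"] == "crypt":
            plan.append(["cryptsetup", "close", node["name"]])

    walk(root)
    return plan


if __name__ == "__main__":
    # Print the plan for review; nothing is executed.
    for cmd in teardown_plan(SAMPLE, "sda"):
        print(shlex.join(cmd))
```
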

  • @EpicFailGuy
    49 months ago

    You guys are going to blow your top when you hear about DFC (Distributed Fragment Cryptography)

      • @EpicFailGuy
        29 months ago

        Googling it takes you to the one company website that has managed to get a service out (Akeyless). They have a really good docs public repository.

        I work with these folks thru my job and it’s a pleasure to deal with them (even tho the product is a bit complex)

        It does me great good to see a company actually being run by engineers

        https://www.akeyless.io/blog/how-akeyless-dfc-works/