I am trying to create a hidden volume on the command line. The steps in the documentation are as follows:
When using the text user interface, the following procedure must be
followed to create a hidden volume:
1) Create an outer volume with no filesystem.
2) Create a hidden volume within the outer volume.
3) Mount the outer volume using hidden volume protection.
4) Create a filesystem on the virtual device of the outer volume.
5) Mount the new filesystem and fill it with data.
6) Dismount the outer volume.
If at any step the hidden volume protection is triggered, start again from 1).
Here is what I did:
Create an outer volume with no filesystem:
$ veracrypt -t -c -k '' --pim=0 --encryption=aes --hash=sha-512 --random-source=/dev/urandom --volume-type=normal --filesystem=none -p $pass --size=10M test
Done: 100.000% Speed: 1.8 MB/s Left: 0 s
The VeraCrypt volume has been successfully created.
Create a hidden volume within the outer volume
$ veracrypt -t -c -k "" --pim=0 --encryption=aes --hash=sha-512 --random-source=/dev/urandom --volume-type=hidden --filesystem=none -p $pass2 --size=2M test
IMPORTANT: Inexperienced users should use the graphical user interface to create a hidden volume. When using the text interface, the procedure described in the command line help must be followed to create a hidden volume.
Done: 100.000% Speed: 380 KB/s Left: 0 s
The hidden VeraCrypt volume has been successfully created and is ready for use. If all the instructions have been followed and if the precautions and requirements listed in the section "Security Requirements and Precautions Pertaining to Hidden Volumes" in the VeraCrypt User's Guide are followed, it should be impossible to prove that the hidden volume exists, even when the outer volume is mounted.
WARNING: IF YOU DO NOT PROTECT THE HIDDEN VOLUME (FOR INFORMATION ON HOW TO DO SO, REFER TO THE SECTION "PROTECTION OF HIDDEN VOLUMES AGAINST DAMAGE" IN THE VERACRYPT USER'S GUIDE), DO NOT WRITE TO THE OUTER VOLUME. OTHERWISE, YOU MAY OVERWRITE AND DAMAGE THE HIDDEN VOLUME!
Mount the outer volume using hidden volume protection
$ veracrypt -t -k "" --pim=0 -p $pass --protect-hidden=yes --protection-keyfiles='' --protection-pim=0 --protection-password=$pass2 --filesystem=none test
The hidden volume is now protected against damage until the outer volume is dismounted.
WARNING: If any data is attempted to be saved to the hidden volume area, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to the hidden volume area will not be saved and will be lost. Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").
$ veracrypt -t -l test
1: /tmp/test /dev/loop0 -
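One thing to note here is that if I mount it without hidden volume protection, I get /dev/mapper/veracrypt1, /dev/loop0 and I can format it without any problems.
Create a filesystem on the virtual device of the outer volume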
$ mkfs.ext4 -v /dev/loop0
mke2fs 1.43.4 (31-Jan-2017)
fs_types for mke2fs.conf resolution: 'ext4', 'small'
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
2496 inodes, 9984 blocks
499 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=10223616
2 block groups
8192 blocks per group, 8192 fragments per group
1248 inodes per group
Filesystem UUID: 80ee6d69-1438-493d-84cc-1d3fa289737d
Superblock backups stored on blocks:
8193
Allocating group tables: done
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information:
Warning, had trouble writing out superblocks.
If I dismount now, it tells me that it prevented a write to the hidden volume
$ veracrypt -t -d
Warning: WARNING: Data were attempted to be saved to the hidden volume area of the volume "/home/matthewh/sandbox/crypt/test"!
VeraCrypt prevented these data from being saved in order to protect the hidden volume. This may have caused filesystem corruption on the outer volume and the operating system may have reported a write error ("Delayed Write Failed", "The parameter is incorrect", etc.). The entire volume (both the outer and the hidden part) will be write-protected until it is dismounted.
We strongly recommend that you restart the operating system now.
If I try to mount it with the filesystem, it confirms the corruption:
$ veracrypt -t -k "" --pim=0 -p $pass --protect-hidden=yes --protection-keyfiles='' --protection-pim=0 --protection-password=$pass2 test mount
Error: mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so.
Am I doing something wrong here?