File: Clonezilla Using Veracrypt Ver 1.0.Odt Page 6 of 6
Total Page:16
File Type:pdf, Size:1020Kb
File: 0314bf3c00f501b544c813a77632ee71.doc Page 1 of 6
TITLE: Instructions to save an image backup in Clonezilla to a VeraCrypt encrypted volume. AUTHOR: PJC123 VERSION: 1.0 DATE: 01-26-2015 CONTACT: Go to my website at http://www.flaminghellmet.com/ Leave a message on the “CONTACT” page. DISCLAIMER: Not liable for any damages resulting from your using, displaying, or copying these instructions.
------
1) OVERVIEW: 1) First of all don't be alarmed that these instructions are so long; I tried to include every little step, and a lot of it you only do once. So, what are these instructions exactly? Once an image backup is setup in Cloneziila, these instructions show the steps necessary to store that backup into a drive that was encrypted using VeraCrypt; in other words, un-encrypt the drive from within the Clonezilla program while Clonezilla is still running. These instructions assume that you know how to use Clonezilla and VeraCrypt in general, because detailed instructions already exist on how to use those programs. Therefore, steps to make an actual backup in Clonezilla have not been included. 2) NOTE: These instructions were written using the following versions of Clonezilla and VeraCrypt: Clonezilla: Debian Stable, release 2.3.1-18, amd64 version. VeraCrypt: version 1.0f-1. 3) WARNING!: If you read nothing else read this. You will need to replace the drive paths for your particular computer with the example drive paths I have included in this tutorial; I have included real example paths because it makes it easier to follow what is going on and to show the proper format. Also, double check what you are doing! Not doing so could cause you to wipe out drives or partitions that you had not intended to (You should already be aware of this if you are currently using Clonezilla). Critical or easy to miss steps are highlighted in BOLD text.
2) PREPARE THE USB PENDRIVE: 1) Format the pendrive with a Linux filesystem. I used gparted and chose an ext4 filesystem. I actually separated the pendrive into two partitions, one formatted with fat32 the other with ext4 so I could run VeraCrypt on both Linux and Windows platforms. 2) From within a Linux distribution, download the Linux VeraCrypt setup file bundle, as well as the checksum text file: Go to the website below:
https://veracrypt.codeplex.com/wikipage?title=Downloads File: 0314bf3c00f501b544c813a77632ee71.doc Page 2 of 6
and download the setup file bundle:
veracrypt-1.0f-1-setup.tar.bz2
and the checksum text file (Either the 256 or 512 version). I am using the 256 version here:
veracrypt-1.0.f-1sha256sum.txt
Go to where the files were downloaded and run the checksum on the setup file bundle and compare it to the checksum in the checksum text file to insure the download was not corrupted.
shasum -a 256 ./veracrypt-1.0f-1-setup.tar.bz2
3) Extract everything from the setup file bundle as follows: Unzip and extract the files from the archive:
# tar xvjf ./veracrypt-1.0f-1-setup.tar.bz2
(1) This will give you 4 setup programs. 32 and 64 bit versions of the console setup program and 32 and 64 bit versions of the GUI setup program.
veracrypt-1.0f-1-setup-console-x64 veracrypt-1.0f-1-setup-console-x86 veracrypt-1.0f-1-setup-gui-x64 veracrypt-1.0f-1-setup-gui-x86
4) Extract the VeraCrypt package. For this tutorial I will only be showing how to extract the remaining files from just one of those setup programs, the 64 bit version of the console. You can repeat these steps for the other executables. Run the following setup program:
# ./veracrypt-1.0f-1-setup-console-x64
(1) The program will display the following on the screen:
VeraCrypt 1.0f-1 Setup
Installation Options:
1. Install veracrypt_1.0f-1_console_amd64.tar.gz
2. Extract package file veracrypt_1.0f-1_console_amd64.tar.gz and place it into /tmp
To select, enter 1 or 2: File: 0314bf3c00f501b544c813a77632ee71.doc Page 3 of 6
(2) Since only one executable file is needed, select option 2. (3) Accept the license by entering “yes” and “Press Enter to exit” will be displayed. (a) Obviously press “Enter” to exit.
Now go to /tmp and extract the directories and files from the package file:
# cd /tmp # tar xvzf ./veracrypt_1.0f-1_console_amd64.tar.gz
(1) The VeraCrypt directory “usr” will be created. Now go to the following subdirectory.
# cd ./usr/bin
(2) Finally! Here is the VeraCrypt executable (veracrypt) that you need to add to the pendrive in order to un-encrypt the VeraCrypt volume. Time for a coffee break.
veracrypt
(3) So, copy it to the pendrive.
3) PREPARE THE EXTERNAL USB HARD DRIVE (IF YOU HAVEN'T ALREADY): 1) It is up to you to decide whether you want to encrypt a file (container) or the entire drive. My drive is set up with a smaller 200GB un-encrypted partition and an 800GB VeraCrypt encrypted encryption for more flexibility.
4) MAKE AN IMAGE BACKUP WITH CLONEZILLA AND STORE IT INTO THE ENCRYPTED VERACRYPT VOLUME: 1) Insert the Clonezilla Live CD and reboot the computer. 2) Answer all the questions as you would normally do for an image backup, HOWEVER..... 3) STOP! When you get to the screen titled “Mount Clonezilla image directory”. At this screen, make sure that you select “enter_shell Enter command line prompt. Do it manually”. 4) “Press “ENTER” to continue.” will be displayed on the screen, So, press ENTER. 5) NOTE: You will now be user “root” and be placed in the directory /root.
root@debian:~#
6) Determine the device path to the usb pendrive. Plug in the pendrive. File: 0314bf3c00f501b544c813a77632ee71.doc Page 4 of 6
Wait until the drive is recognized and text will appear that looks similar to the following:
root@debian:~# [ 149.849510 ] sd 8:0:0:0: [sde] No Caching mode page found root@debian:~# [ 149.850472 ] sd 8:0:0:0: [sde] Assuming drive cache: write through
Note the drive path. For this example it is /dev/sde (NOTE: Replace with your drive path). 7) Determine the device path to the external usb hard drive. Plug in the external usb hard drive. Wait until the drive is recognized and text will appear that looks similar to the following:
root@debian:~# [ 366.524381 ] sd 9:0:0:0: [sdf] No Caching mode page found root@debian:~# [ 366.525468 ] sd 9:0:0:0: [sdf] Assuming drive cache: write through
Note the drive path. For this example it is /dev/sdf (NOTE: Replace with your drive path). 8) Double check that you will be using the correct drive and partition. Run the following command:
root@debian:~# fdisk -l
The screen will look similar to the following. I am only going to include the relevant fields of information:
Device Boot Start End Sectors Size Id Type /dev/sde1 3.7G W95 FAT32 /dev/sde2 3.8G HPFS/NTFS/exFAT
Device Boot Start End Sectors Size Id Type /dev/sdf1 195.3G HPFS/NTFS/exFAT /dev/sdf2 736.2G HPFS/NTFS/exFAT
Verify that you are using the correct device path (both drive and partition) for both the pendrive and external hard drive by checking the “Size” and “Type” fields. SKIP THIS STEP IF YOU HAVE ONLY ONE PARTITION ON BOTH THE PENDRIVE AND EXTERNAL HARD DRIVE. In my case both the pendrive and external hard drive have multiple partitions, so I need to know exactly where I am reading and or writing to. (1) PENDRIVE: From running fdisk previously I have determined that the path to the Linux partition on my pendrive where the Linux version of the File: 0314bf3c00f501b544c813a77632ee71.doc Page 5 of 6
VeraCrypt executable is located is /dev/sde2 (NOTE: Replace with your drive path). (2) EXTERNAL HARD DRIVE: From running fdisk previously I have determined that the path to the encrypted VeraCrypt partition on my external hard drive is /dev/sdf2 (NOTE: Replace with your drive path). 9) Mount the usb pendrive:
root@debian:~# mkdir ./pendrive root@debian:~# mount /dev/sde2 ./pendrive (NOTE: Replace with your drive path).
10) Double check that it was mounted. Run the following command and you should see your pendrive's files:
root@debian:~# ls -l ./pendrive
11) Run the VeraCrypt executable in interactive mode (Assuming the executable is in the top level of the pendrive directory). This will mount the selected volume un-encrypted.
root@debian:~# ./pendrive/veracrypt --mount
The program will run and ask the following questions. I have included answers where necessary: (1) Enter volume path: /dev/sdf2 (NOTE: Replace with your drive path) (a) NOTE: This is the external drive's encrypted drive path that was discovered previously. (2) Enter mount directory [default]: /home/partimag (a) Clonezilla is expecting this path. Do not change it. (3) Enter password for /dev/sdf2: ******** (NOTE: Your drive path will show up here). OK, I have to say it...don't type in the asterisks....put your password there instead. (a) Enter the password you used when you encrypted the volume. (4) Enter keyfile [none]: (a) Leave blank. (5) Protect hidden volume (if any)? (y=yes/n=No) [No]: (a) Leave blank
Wait for the program to finish. If everything was entered correctly the volume will be mounted and un-encrypted. To double check that it worked, type the following and you should see your files (if you put any there before encrypting the volume).:
root@debian:~# ls -l /home/partimag
Exit the shell: File: 0314bf3c00f501b544c813a77632ee71.doc Page 6 of 6
root@debian:~# exit
12) Proceed with the backup in Clonezilla as normal. 13) Once the backup is complete “press “Enter” to continue” will be displayed on the screen. Press “Enter”. 14) STOP! The “Choose Mode” screen is displayed. Select “cmd Enter command line prompt”. The backup will have completed, but before exiting the program it would be a good idea to dismount the un-encrypted drive, and un- mount the pen drive. NOTE: You will now be user “user” and be placed in the directory /home/user.
user@debian:~$
(1) Return to being the root user.
user@debian:~$ sudo su - root
(2) Dismount the encrypted drive.
root@debian:~# ./pendrive/veracrypt --dismount
(3) Un-mount the pendrive directory.
root@debian:~# umount ./pendrive
(4) Exit the “cmd” mode.
root@debian:~# exit user@debian:~$ exit
15) This will bring you back to the “Start Clonezilla” screen. Select “Cancel” Select “poweroff Poweroff”. The following message will be displayed.
Please remove the disc, close the tray (if any) and Press ENTER to continue:.
Press ENTER. Wait for the system to HALT. The END.