TrueCrypt and CryptSetup)

TrueCrypt and CryptSetup)

Select a hard disk without a system.

1. Install the Windows system on the hard disk. The installation process is simple. You can directly start the computer on the CD, or install it on PE.

2. After Windows is installed, install Kali Linux. Boot the computer on the same CD or USB flash drive. After installation, the specific partitioning process is as follows:

After Manual is selected

The first is Windows partition, followed by free space. Create a boot partition here.

Create an encrypted partition and select Configure encryted volumes.

Then start to erase the partition information. If it is a new hard disk, you can skip this step.

Select Configure the Logical Volume Manager

 

Then, the root is mounted to/, and the swap is formatted as the swap partition.

So far, after Linux installation is complete, restart and enter Linux, generate g2ldr to boot Linux with Windows, because TrueCrypt cannot boot Linux. Run the following command:

Grub-mkimage-o core. img-O i386-pc biosdisk part_msdos fat ntfs ext2 iso9660 udf configfile search help reiserfs font linux chain echo

Cat/boot/grub/lnxboot. img core. img> g2ldr

Then g2ldr and/usr/lib/grub/i386-pc/g2ldr. copy mbr to the Windows root directory, create the grub directory under the Windows directory, and set/boot/grub. copy cfg to the grub directory of Windows, restart Windows, and install TrueCrypt, Ultraiso, and bootice. Open bootice:

Add a real-mode startup item. The configuration is as follows:

+

 

Restart the system for testing. Linux is started successfully:

Go to Windows again and start encryption.

Select NO In the last step.

Create a recovery disk image and then use Ultraiso to load it to the virtual optical drive. Otherwise, you cannot proceed to the next step. This image should be kept properly.

 

After the computer is restarted, the system prompts you to enter the encrypted password:

After the test is successful, encrypt the system.

After the installation is complete, the full encryption of the dual system is complete. For Windows, enter the TrueCrypt key. For Linux, enter both keys.

Finally, we enter the Linux system and add a nuke password to the system. If we enter the nuke password when starting Linux, the encrypted partition information header of the Linux system will be destroyed, in this way, even if the correct password is used, the Linux partition cannot be unopened. The procedure is simple:

Cryptsetup luksDump/dev/sdxx

Here/dve/sdxx is your system partition device. If you do not know it, you can view it using fdisk-l or try it one by one. The encrypted partition will print the correct information. Then

Cryptsetup luksAddNuke/dev/sdxx

You will be prompted to enter any previous password for verification, and then enter a new slot password (nuke ).

Cryptsetup luksDump/dev/sdxx to check the result. It is found that an additional slot is in the enable state, which indicates that it is successful. Now nuke is complete. We can destroy the Linux system at any time. Of course, the destroyed system can still be recovered. We need to save a luksHeader before destruction, as shown below:

Cryptsetup luksHeaderBackup-header-backup-file luksheader. back/dev/sdxx

Openssl enc-aes-256-cbc-salt-in luksheader. back-out luksheader. back. enc

Obtain the luksheader. back. enc after ase encryption, and save it.

Then, if the system is destroyed, the disk needs to be loaded using other methods to restore the disk. Decrypt the luks header first

Openssl enc-d-aes-256-cbc-in luksheader. back. enc-out luksheader. back

Restore luks header to partition

Cryptsetup luksHeaderRestore-header-backup-file luksheader. back/dev/sdxx

This is a fully encrypted multi-system.