1

I am trying to create a hidden volume on the command line. The steps from the documentation:

When using the text user interface, the following procedure must be
 followed to create a hidden volume:
  1) Create an outer volume with no filesystem.
  2) Create a hidden volume within the outer volume.
  3) Mount the outer volume using hidden volume protection.
  4) Create a filesystem on the virtual device of the outer volume.
  5) Mount the new filesystem and fill it with data.
  6) Dismount the outer volume.
  If at any step the hidden volume protection is triggered, start again from 1).

Here is what I did:

Create an outer volume with no filesystem:

$ veracrypt -t -c -k '' --pim=0 --encryption=aes --hash=sha-512 --random-source=/dev/urandom --volume-type=normal --filesystem=none -p $pass --size=10M test

Done: 100.000%  Speed:  1.8 MB/s  Left: 0 s

The VeraCrypt volume has been successfully created.

Create a hidden volume within the outer volume:

$ veracrypt -t -c -k "" --pim=0 --encryption=aes --hash=sha-512 --random-source=/dev/urandom --volume-type=hidden --filesystem=none -p $pass2 --size=2M test

IMPORTANT: Inexperienced users should use the graphical user interface to create a hidden volume. When using the text interface, the procedure described in the command line help must be followed to create a hidden volume.

Done: 100.000%  Speed:  380 KB/s  Left: 0 s

The hidden VeraCrypt volume has been successfully created and is ready for use. If all the instructions have been followed and if the precautions and requirements listedin the section "Security Requirements and Precautions Pertaining to Hidden Volumes" in the VeraCrypt User's Guide are followed, it should be impossible to prove that thehidden volume exists, even when the outer volume is mounted.

WARNING: IF YOU DO NOT PROTECT THE HIDDEN VOLUME (FOR INFORMATION ON HOW TO DO SO, REFER TO THE SECTION "PROTECTION OF HIDDEN VOLUMES AGAINST DAMAGE" IN THE VERACRYPT USER'S GUIDE), DO NOT WRITE TO THE OUTER VOLUME. OTHERWISE, YOU MAY OVERWRITE AND DAMAGE THE HIDDEN VOLUME!

Mount the outer volume using hidden volume protection:

$ veracrypt -t -k "" --pim=0 -p $pass --protect-hidden=yes --protection-keyfiles='' --protection-pim=0 --protection-password=$pass2 --filesystem=none test
The hidden volume is now protected against damage until the outer volume is dismounted.

WARNING: If any data is attempted to be saved to the hidden volume area, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to the hidden volume area will not be saved and will be lost. Windowsmay report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").

$ veracrypt -t -l test
1: /tmp/test /dev/loop0 -

It should be noted here that if I mount it without hidden volume protection, I get /dev/mapper/veracrypt1 instead of /dev/loop0, and I can format it without problems.

Create a filesystem on the virtual device of the outer volume:

$ mkfs.ext4 -v /dev/loop0                                              
mke2fs 1.43.4 (31-Jan-2017)
fs_types for mke2fs.conf resolution: 'ext4', 'small'
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
2496 inodes, 9984 blocks
499 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=10223616
2 block groups
8192 blocks per group, 8192 fragments per group
1248 inodes per group
Filesystem UUID: 80ee6d69-1438-493d-84cc-1d3fa289737d
Superblock backups stored on blocks:
        8193

Allocating group tables: done
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information:    
Warning, had trouble writing out superblocks.

If I dismount, it says that it prevented a write to the hidden volume.

$ veracrypt -t -d             
Warning: WARNING: Data were attempted to be saved to the hidden volume area of the volume "/home/matthewh/sandbox/crypt/test"!

VeraCrypt prevented these data from being saved in order to protect the hidden volume. This may have caused filesystem corruption on the outer volume and the operating system may have reported a write error ("Delayed Write Failed", "The parameter is incorrect", etc.). The entire volume (both the outer and the hidden part) will be write-protected until it is dismounted.

We strongly recommend that you restart the operating system now.

And if I try to mount it with a filesystem, it confirms the corruption:

$ veracrypt -t -k "" --pim=0 -p $pass --protect-hidden=yes --protection-keyfiles='' --protection-pim=0 --protection-password=$pass2 test mount            
Error: mount: wrong fs type, bad option, bad superblock on /dev/loop0,
       missing codepage or helper program, or other error

       In some cases useful info is found in syslog - try
       dmesg | tail or so.

Am I doing something wrong here?

0
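
Added example (not part of the original question, and not VeraCrypt's own code): a check of the mke2fs figures from the session above against the area a 2M hidden volume would occupy. It assumes the hidden volume sits in the last bytes of the outer volume's virtual device and ignores header and padding sizes; the function names are hypothetical.

```shell
#!/bin/sh
# ASSUMPTION: the hidden volume occupies the last HIDDEN_BYTES of the outer
# volume's virtual device (header and padding sizes are ignored).

# mke2fs output lines copied from the session in the question.
MKFS_LOG='Block size=1024 (log=0)
2496 inodes, 9984 blocks
Superblock backups stored on blocks:
        8193'

# analyze LOG HIDDEN_BYTES
# Line 1 of the output: first block of the assumed protected tail.
# Following lines: backup superblock blocks that fall inside that tail.
analyze() {
    printf '%s\n' "$1" | awk -v hidden="$2" '
        /^Block size=/ { sub(/^Block size=/, ""); bs = $1 + 0; next }
        / inodes, [0-9]+ blocks/ { total = $3 + 0; next }
        /^Superblock backups stored on blocks:/ { inlist = 1; next }
        inlist && /^[ \t]*[0-9][0-9, \t]*$/ {
            # Block numbers may be comma-separated and wrapped over lines.
            n = split($0, f, /[, \t]+/)
            for (i = 1; i <= n; i++) if (f[i] != "") backups[++nb] = f[i] + 0
            next
        }
        { inlist = 0 }
        END {
            if (bs <= 0 || total <= 0) exit 1   # log did not parse
            first = total - int(hidden / bs)
            print first
            for (i = 1; i <= nb; i++) if (backups[i] >= first) print backups[i]
        }'
}

# First block of the assumed protected region.
protected_start() { analyze "$1" "$2" | sed -n '1p'; }

# Backup superblocks that mke2fs would write inside that region.
overlapping_backups() { analyze "$1" "$2" | sed '1d'; }

HIDDEN_BYTES=$((2 * 1024 * 1024))   # --size=2M from the hidden-volume command
echo "protected tail starts at block $(protected_start "$MKFS_LOG" "$HIDDEN_BYTES")"
for b in $(overlapping_backups "$MKFS_LOG" "$HIDDEN_BYTES"); do
    echo "backup superblock at block $b lies inside the protected tail"
done
```

Under that assumption, the backup superblock that mke2fs reports at block 8193 is past the start of the protected tail.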