Create an encrypted file system on Android with LUKS

LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it not only facilitates compatibility among distributions, but also provides secure management of multiple user passwords.

Building off the work from other great sources, the Guardian Project hack team decided to take a crack at porting LUKS to Android recently, with the goal of creating a proof of concept build process that can be easily adapted to future projects.

On our stock Guardian hardware (rooted NexusOne running CyanogenMod) we were able to create a 50MB “secretagentman.mp3″ file on the device sdcard to store our encrypted filesystem. We think the possibilities for enhanced privacy here are great: to the average phone snooper, this would appear as just another harmless media file on your device storage!

You can give it a shot by following the instructions over at the project wiki. Note that the build process requires setting up the Android NDK on your machine, and the current setup process must be done through adb shell or terminal, requiring root permissions. Work on a GUI is just getting started.

As usual we encourage those wishing to get involved to check out our projects on Git, get in touch with us, and join us on IRC at #guardianproject on freenode.

6 thoughts on “Create an encrypted file system on Android with LUKS

  1. nice instructions on the wiki, two things tho:
    “dd if=/dev/zero of=/mnt/sdcard/secretagentman.mp3 bs=1M count=50000000″
    this creates a 50 TB file on the sdcard. you can see where this would be problematic 😉 and:
    “Change the permissions to root read only on the hidden file /mnt/sdcard/.temp.file”
    nice idea, sadly the sdcard is fat32, which doesn’t support unix-style permissions…

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>