Last updated on 9 February 2016
I have multiple machines, some run Windows and some run Fedora. I also need to keep a significant amount of my data encrypted l, and I need to be able to do this from Windows machines that are not under my control.
Both Windows and Linux have multiple encryption solutions available, with varying levels of uptake and acceptance. However in order to be as compatible as possible for my clients, I decided to use a Windows solution and figure out how to use it on Linux.
BitLocker is the obvious choice for Windows compatability. Enabling BitLocker on a USB stick, will include the executables required to mount the volume on any Windows machine.
Dislocker can be used on Linux systems to mount the Bitlocker volume – although this tool was initially read only it now supports read/write. (Note I have only tried this using ExFAT formatted drives, however I believe FAT and NTFS will also work.)
The following is my cheat sheet of how to install and use dislocker.
Note: All commands as root
Installing dislocker
Install exfat support
dnf install exfat-utils fuse-exfat
At the moment need to enable the testing repo so that we can get the version of dislocker that supports usb (need at least v0.5) [Could also install from source…]
dnf config-manager --set-enabled updates-testing
Install dislocker
dnf install dislocker fuse-dislocker
Disable the testing repo so that we aren’t getting any other unstable packages when we install
dnf config-manager --set-disabled updates-testing
Make a mount point for dislocker container
mkdir /mnt/dislocker-container
Make a mount point for the dislocker file
mkdir /mnt/dislocker
Mounting a BitLocker USB device
Find the usb device probably /dev/sdc1 or similar
fdisk -l
Mount the dislocker container (assuming /dev/sdc1 is the USB) using the User password you configured when you setup BitLocker (you will be prompted). Note recovery passwords and filed are also supported.
dislocker -v -V /dev/sdc1 -u -- /mnt/dislocker-container
Make sure that this has worked correctly, ‘dislocker-file’ should be within that directory.
ls /mnt/dislocker-container/dislocker-file
Mount the dislocker-file as a loop device and give everyone permission to write to it (maybe should restrict this more…)
mount -o loop,umask=0,uid=nobody,gid=nobody /mnt/dislocker-container/dislocker-file /mnt/dislocker
Thats it!
Work on the files in /mnt/dislocker you should have read write access (for all users).
Common Errors:
Some error about the /mnt/dislocker-container already existing. You don’t have fuse-dislocker installed so it is trying to create an unencrypted copy of the usb.
Its taking ages and running out of disk space. Same as above, it’s trying to make an unencrypted copy of your volume.
Unmounting
Make sure you aren’t in the directories you need to unmount or it will error
cd /mnt
Unmount the dislocker-file mount point
umount /mnt/dislocker
Unmount the dislocker container mount point
umount /mnt/dislocker-container
Eject the USB device using the file manager on the system.
Done!
As always, if you have any comments or suggestions please feel free to get in touch.
Just installed Dislocker on Ubuntu 16.04 using another tutorial. Had trouble understanding how to get it to work. Your cheat sheet did the trick. Thanks! It is working. Question. Is the Dislocker file actually the same size as the drive? I have an 8gb Bitlocker SD card. Dislocker file is 8 GB. It works near instantly so I guess am OK but curious…why 2 mount points and the file size of Dislocker file? (no disk space problems..but if bitlocker drive was a terabyte or two…)
Hi
The dislocker file is being mounted as a loop device (https://en.m.wikipedia.org/wiki/Loop_device) so can be utilised in the same manner as a normal block device. You shouldn’t have any problems with disk space when encrypting / decrypting unless you omit the ‘loop’ argument.
To be honest I haven’t looked into the specifics of why there are 2 mount points, but I assume the first is for the encrypted volume and the second is for the filesystem the volume contains…