Last updated on 9 February 2016
I have multiple machines, some run Windows and some run Fedora. I also need to keep a significant amount of my data encrypted l, and I need to be able to do this from Windows machines that are not under my control.
Both Windows and Linux have multiple encryption solutions available, with varying levels of uptake and acceptance. However in order to be as compatible as possible for my clients, I decided to use a Windows solution and figure out how to use it on Linux.
BitLocker is the obvious choice for Windows compatability. Enabling BitLocker on a USB stick, will include the executables required to mount the volume on any Windows machine.
Dislocker can be used on Linux systems to mount the Bitlocker volume – although this tool was initially read only it now supports read/write. (Note I have only tried this using ExFAT formatted drives, however I believe FAT and NTFS will also work.)
The following is my cheat sheet of how to install and use dislocker.
Note: All commands as root
Install exfat support
dnf install exfat-utils fuse-exfat
At the moment need to enable the testing repo so that we can get the version of dislocker that supports usb (need at least v0.5) [Could also install from source…]
dnf config-manager --set-enabled updates-testing
dnf install dislocker fuse-dislocker
Disable the testing repo so that we aren’t getting any other unstable packages when we install
dnf config-manager --set-disabled updates-testing
Make a mount point for dislocker container
Make a mount point for the dislocker file
Mounting a BitLocker USB device
Find the usb device probably /dev/sdc1 or similar
Mount the dislocker container (assuming /dev/sdc1 is the USB) using the User password you configured when you setup BitLocker (you will be prompted). Note recovery passwords and filed are also supported.
dislocker -v -V /dev/sdc1 -u -- /mnt/dislocker-container
Make sure that this has worked correctly, ‘dislocker-file’ should be within that directory.
Mount the dislocker-file as a loop device and give everyone permission to write to it (maybe should restrict this more…)
mount -o loop,umask=0,uid=nobody,gid=nobody /mnt/dislocker-container/dislocker-file /mnt/dislocker
Work on the files in /mnt/dislocker you should have read write access (for all users).
Some error about the /mnt/dislocker-container already existing. You don’t have fuse-dislocker installed so it is trying to create an unencrypted copy of the usb.
Its taking ages and running out of disk space. Same as above, it’s trying to make an unencrypted copy of your volume.
Make sure you aren’t in the directories you need to unmount or it will error
Unmount the dislocker-file mount point
Unmount the dislocker container mount point
Eject the USB device using the file manager on the system.
As always, if you have any comments or suggestions please feel free to get in touch.