Skip to content

Using BitLocker To Go on Fedora 23 (dislocker)

Last updated on 9 February 2016

I have multiple machines, some run Windows and some run Fedora. I also need to keep a significant amount of my data encrypted l, and I need to be able to do this from Windows machines that are not under my control.

Both Windows and Linux have multiple encryption solutions available, with varying levels of uptake and acceptance. However in order to be as compatible as possible for my clients, I decided to use a Windows solution and figure out how to use it on Linux.

BitLocker  is the obvious choice for Windows compatability. Enabling BitLocker on a USB stick, will include the executables required to mount the volume on any Windows machine.

Dislocker can be used on Linux systems to mount the Bitlocker volume – although this tool was initially read only it now supports read/write. (Note I have only tried this using ExFAT formatted drives, however I believe FAT and NTFS will also work.)

The following is my cheat sheet of how to install and use dislocker.

Note: All commands as root

Installing dislocker

Install exfat support

dnf install exfat-utils fuse-exfat

At the moment need to enable the testing repo so that we can get the version of dislocker that supports usb (need at least v0.5) [Could also install from source…]

dnf config-manager --set-enabled updates-testing

Install dislocker

dnf install dislocker fuse-dislocker

Disable the testing repo so that we aren’t getting any other unstable packages when we install

dnf config-manager --set-disabled updates-testing

 

Make a mount point for dislocker container

mkdir /mnt/dislocker-container

Make a mount point for the dislocker file

mkdir /mnt/dislocker

 

Mounting a BitLocker USB device

Find the usb device probably /dev/sdc1 or similar

fdisk -l

Mount the dislocker container (assuming /dev/sdc1 is the USB) using the User password you configured when you setup BitLocker (you will be prompted). Note recovery passwords and filed are also supported.

dislocker -v -V /dev/sdc1 -u -- /mnt/dislocker-container

Make sure that this has worked correctly, ‘dislocker-file’  should be within that directory.

ls /mnt/dislocker-container/dislocker-file

Mount the dislocker-file as a loop device and give everyone permission to write to it (maybe should restrict this more…)

mount -o loop,umask=0,uid=nobody,gid=nobody /mnt/dislocker-container/dislocker-file /mnt/dislocker

Thats it!
Work on the files in /mnt/dislocker you should have read write access (for all users).

Common Errors:

Some error about the /mnt/dislocker-container already existing. You don’t have fuse-dislocker installed so it is trying to create an unencrypted copy of the usb.

Its taking ages and running out of disk space. Same as above, it’s trying to make an unencrypted copy of your volume.

Unmounting

Make sure you aren’t in the directories you need to unmount or it will error

cd /mnt

Unmount the dislocker-file mount point

umount /mnt/dislocker

Unmount the dislocker container mount point

umount /mnt/dislocker-container

Eject the USB device using the file manager on the system.

Done!


As always, if you have any comments or suggestions please feel free to get in touch.

Published inInstalling and Configuring (notes to my future self)

2 Comments

  1. Alias Preston Alias Preston

    Just installed Dislocker on Ubuntu 16.04 using another tutorial. Had trouble understanding how to get it to work. Your cheat sheet did the trick. Thanks! It is working. Question. Is the Dislocker file actually the same size as the drive? I have an 8gb Bitlocker SD card. Dislocker file is 8 GB. It works near instantly so I guess am OK but curious…why 2 mount points and the file size of Dislocker file? (no disk space problems..but if bitlocker drive was a terabyte or two…)

    • GrimHacker GrimHacker

      Hi
      The dislocker file is being mounted as a loop device (https://en.m.wikipedia.org/wiki/Loop_device) so can be utilised in the same manner as a normal block device. You shouldn’t have any problems with disk space when encrypting / decrypting unless you omit the ‘loop’ argument.

      To be honest I haven’t looked into the specifics of why there are 2 mount points, but I assume the first is for the encrypted volume and the second is for the filesystem the volume contains…

Leave a Reply

Your email address will not be published. Required fields are marked *