IOCipher¶

How to mount a IOCipher vfs container file on Debian GNU/Linux and friends¶

You need to build libsqlfs from source (./configure && make). The virtual disk file and password is hard-coded to /tmp/fsdata in fuse_sqlfs.c. Then to mount it, run ./fuse_sqlfs command after its built from libsqlfs source. Here's the whole process:


sudo apt-get install libsqlcipher-dev
git clone https://github.com/guardianproject/libsqlfs
cd libsqlfs
./configure
make
cp /path/to/my/vfsfile.db /tmp/fsdata
mkdir /tmp/vfsfilemnt
echo mypassword | ./fuse_sqlfs /tmp/vfsfilemnt
kill `ps auxww | grep '[f]use_sqlfs ' | cut -b9-16` # unmount


If you want to do this as root, you can also mount it that way:

echo mypassword | sudo ./fuse_sqlfs -o allow_other /tmp/vfsfilemnt
sudo umount /tmp/vfsfilemnt


Either way, the contents will then be available under /tmp/vfsfilemnt. You can also use the included utilities sqlfscat and sqlfsls to access files inside the vfs container without mounting it. For those, you send the VFS password to stdin, e.g.:


echo mypassword | sqlfsls myvfs.db
echo mypassword | sqlfscat myvfs.db /secret.txt


If you are using CacheWord with IOCipher, then there is a level of indirection between the password you type, and the key that is provided to IOCipher. With CacheWord, the password unlocks the encryped key, and that key unlocks IOCipher.