How to Create Hidden Filesystems in Linux with Shufflecake

A photograph of a padlock on top of a laptop keyboard.

Shufflecake is a simple, yet highly powerful filesystem encryption utility for Linux. Unlike traditional disk encryption schemes, Shufflecake works by not only encrypting the data inside a filesystem but also hiding it from the system itself. This article will show you how to install Shufflecake on Ubuntu to create and maintain a hidden and encrypted filesystem in Linux.

Installing Shufflecake

The first step in obtaining Shufflecake is to install its dependencies in your system. To do that, run the following command:

sudo apt install linux-headers-$(uname -r) libdevmapper-dev libgcrypt-dev make gcc

Fetch the latest release tarball from the project’s Codeberg page.

A screenshot of the tarball download for Shufflecake on the developer's Codeberg page.

Extract the release archive into your computer’s Downloads directory using Tar:

tar xzf ./Downloads/v0.4.4.tar.gz -C ./Downloads

Open the folder for the Shufflecake source code, then run the following command to compile its binary on your system:

cd ./Downloads/shufflecake-c
make

Note: compiling Shufflecake might take between 2 and 5 minutes depending on your computer’s system resources.

Copy Shufflecake from the release folder to your computer’s binary path:

sudo cp ./shufflecake /usr/bin/

Check if your machine can properly run Shufflecake from your system’s path:

shufflecake --help

Creating the Dummy Volume for Shufflecake

For the most part, Shufflecake can work on any type of block storage device. This includes physical disks as well as logical partitions. This makes it useful for creating an external disk with an encrypted filesystem while still being accessible as a regular device.

To create a dummy volume, open the Gnome Disks utility from your application launcher, then select the disk that you want to format.

A screenshot highlighting the external disk that will house the hidden Shufflecake volumes.

Click the dotted button on the window’s upper right corner, then select Format Disk…

A screenshot highlighting the "Format Disk..." option on the Gnome Disks utility for the external disk.

Click the dropdown list beside the Erase: label, then select Overwrite existing data with zeroes (Slow).

A screenshot highlighting the "Overwrite existing data with zeroes" option on the Gnome Disks utility.

Select Format… to start the formatting process.

Once done, click the + icon to create a new partition on your disk.

A screenshot highlighting the "+" symbol for adding a new partition in Disks.

Provide a partition size that’s a quarter of your total disk space. This will serve as your disk’s unencrypted space that you can access without Shufflecake.

A screenshot of the partition size slider for the external disk in Gnome Disks utility.

Select the remaining Free Space block on the Disks utility, then click the + to create a new partition.

A screenshot highlighting the remaining free disk space on the external disk.

Allocate the entire free disk space to your dummy partition. This will allow you to create multiple hidden volumes inside your Shufflecake disk.

Initializing the Hidden Shufflecake Volume

At this point, you now have Shufflecake in your system’s binary folder and a dummy disk partition. To create your encrypted filesystem out of it, you need to initialize it in Shufflecake.

Navigate to your release folder, then load the Shufflecake kernel module on your computer:

cd ./Downloads/shufflecake-c
sudo insmod dm-sflc.ko

Run lsblk to find the name of the disk that you want to install Shufflecake on. In my case, I will create a hidden volume inside my dummy partition “/dev/sda2.”

A screenshot showing the sda2 dummy partition in lsblk.

Run the following command to initialize Shufflecake for your dummy partition:

sudo shufflecake init /dev/sda2

Note: Shufflecake will only work on non-system disks. Running Shufflecake on your primary disk will make your OS unbootable.
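
The warning above can be turned into a check that runs before init. This is an added example, not part of the original article or the Shufflecake project: sflc_check_target is a hypothetical helper that reads lsblk output and refuses a target that is mounted or that shares a disk with /, /boot or swap, and the device layout shown is a constructed sample.

```shell
# Added example: pre-flight check to run before `shufflecake init`.
# sflc_check_target is a hypothetical helper, not a Shufflecake command.

# Constructed sample of `lsblk -Po NAME,PKNAME,MOUNTPOINT` output:
# an internal NVMe disk with an encrypted root, plus the external disk sda.
sample_lsblk() {
    cat <<'EOF'
NAME="nvme0n1" PKNAME="" MOUNTPOINT=""
NAME="nvme0n1p1" PKNAME="nvme0n1" MOUNTPOINT="/boot/efi"
NAME="nvme0n1p2" PKNAME="nvme0n1" MOUNTPOINT=""
NAME="cryptroot" PKNAME="nvme0n1p2" MOUNTPOINT="/"
NAME="sda" PKNAME="" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" MOUNTPOINT="/media/user/PUBLIC DATA"
NAME="sda2" PKNAME="sda" MOUNTPOINT=""
EOF
}

# Usage: lsblk -Po NAME,PKNAME,MOUNTPOINT | sflc_check_target /dev/sda2
# Prints a verdict; returns 0 = safe, 1 = refuse, 2 = device not listed.
sflc_check_target() {
    awk -F'"' -v target="${1#/dev/}" '
        # Walk the PKNAME chain up to the physical disk (covers LUKS and LVM layers).
        function top(d) { while (parent[d] != "") d = parent[d]; return d }
        { parent[$2] = $4; mnt[$2] = $6 }
        END {
            if (!(target in mnt)) { print "unknown device"; exit 2 }
            if (mnt[target] != "") { print "target is mounted at " mnt[target]; exit 1 }
            # Any disk that backs /, /boot* or swap counts as a system disk.
            for (d in mnt)
                if (mnt[d] == "/" || mnt[d] ~ /^\/boot(\/|$)/ || mnt[d] == "[SWAP]")
                    sysdisk[top(d)] = 1
            if (top(target) in sysdisk) { print "target is on a system disk"; exit 1 }
            print "ok"
        }'
}

sample_lsblk | sflc_check_target /dev/sda2   # prints: ok
```

On a real machine, pipe live lsblk output into the function and run init only when it returns 0.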

This will run a wizard prompt where Shufflecake will ask you for the details of your hidden volume. Type “5”, then press Enter to create five hidden volumes.

Provide the password for each of your hidden volumes, then press Enter. Make sure that you’re in a private location before typing it since the Shufflecake wizard will not hide your input.

A screenshot showing the different secret passwords for each of the initialized hidden volumes in Shufflecake.

Note: the initialization process could take between 5 and 10 minutes depending on the size of your partition.

Creating a Filesystem for Your Hidden Volume

Once done, create the filesystem for your hidden volumes. To do this, open the hidden volume that you want to format using the following command:

sudo shufflecake open /dev/sda2

Doing this will prompt you for the password of the volume that you want to open.

A screenshot highlighting the secret password for the hidden "Volume 2" as well as the confirmation message that it's mounted in the system.

Confirm that Shufflecake properly loaded your hidden volume by running lsblk.

A screenshot highlighting the device path for the hidden "Volume 2" in the system.

Create the filesystem that you want to install on your hidden volume. For instance, running mkfs.fat will create a FAT filesystem inside “Volume 2”:

sudo mkfs.fat -F 32 /dev/mapper/sflc_0_2

Note: Shufflecake volumes act as virtual devices inside your computer. As such, you will always find its hidden volumes under “/dev/mapper/sflc_0_n” instead of the regular “/dev.”

After that, Ubuntu should automatically mount your new hidden volume to your current session. To access it, click the Drive icon on the desktop’s left sidebar.

A screenshot highlighting the newly formatted hidden "Volume 2."

Test whether your filesystem is working properly by creating either a file or folder inside it.

Unmounting and Switching Hidden Volumes

Unlike regular disks, ejecting a Shufflecake volume requires you to both unmount the virtual drive and close its Shufflecake connection. To do this, right-click the drive’s icon on the Ubuntu taskbar, then select Unmount.

A screenshot highlighting the "Unmount" option on the newly formatted hidden "Volume 2."

Open a new terminal session, then run the following command for your disk:

sudo shufflecake close /dev/sda2

You can also switch to a different hidden volume on your Shufflecake disk by re-running sudo shufflecake open /dev/sda2, then providing the password for that volume.

Changing the Password For Your Hidden Volumes

Aside from creating and loading hidden volumes, the Shufflecake utility also allows you to modify the passwords of existing volumes. To do this, open a new terminal session then run the following command:

sudo shufflecake changepwd /dev/sda2

Doing this will start a wizard that will ask you for the password of the hidden volume that you want to modify. Provide the password, then press Enter.

The wizard will then prompt you for a new password for your hidden volume. Write the new password, then press Enter to apply the new changes.

A screenshot showing the new secret password for the hidden "Volume 2."

Lastly, check whether your new password for your volume works properly by running the testpwd subcommand:

sudo shufflecake testpwd /dev/sda2

A screenshot showing the testpwd subcommand successfully running on the new "Volume 2" password.

Creating and maintaining hidden filesystems in external drives is just the first step in exploring the world of data security and privacy. Learn how to create encrypted files in your filesystem with Tomb.

Image credit: FlyD via Unsplash, Shufflecake Developers, and Wikimedia Commons. All alterations and screenshots by Ramces Red.

Ramces Red - Staff Writer

Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.