Difference between revisions of "Cryptsetup"
m (adding title) |
|||
| Line 1: | Line 1: | ||
| − | |||
== Encrypting a partition on Ubuntu 7.10 (Gutsy) using cryptsetup (LUKS) == | == Encrypting a partition on Ubuntu 7.10 (Gutsy) using cryptsetup (LUKS) == | ||
| Line 29: | Line 28: | ||
You can label it whatever you want, most people use the same as that in /dev/mapper/ for simplicity. This also assumes you want an ext3 filesystem (the -j option). Make whatever [[filesystem]] you prefer. You can now [[mount]] /dev/mapper/backup manually, or add it to /etc/fstab and /etc/crypttab if it's a static partition. | You can label it whatever you want, most people use the same as that in /dev/mapper/ for simplicity. This also assumes you want an ext3 filesystem (the -j option). Make whatever [[filesystem]] you prefer. You can now [[mount]] /dev/mapper/backup manually, or add it to /etc/fstab and /etc/crypttab if it's a static partition. | ||
| + | |||
| + | |||
| + | == From passphrase prompt to a file == | ||
| + | |||
| + | Although not recommended unless you're aware of the repercussions, you may wish to store the passphrase in a file on your system instead of being prompted. If this is the case, you can create a file either randomly: | ||
| + | |||
| + | $ sudo dd if=/dev/urandom of=/[[Variables|root/lukssecretkey]] bs=1024 count=4 | ||
| + | |||
| + | or manually create a file with any passphrase in it you choose. Assuming sdc5 is the partition you want to encrypt, add the new key: | ||
| + | |||
| + | $ sudo cryptsetup luksAddKey [[Variables|/dev/sdc5]] [[Variables|/root/lukssecretkey]] | ||
| + | |||
| + | finally you want to edit your /etc/crypttab entry to use the keyfile: | ||
| + | |||
| + | # <target name> <source device> <key file> <options> | ||
| + | crypto [[Variables|/dev/sdc5]] [[Variables|/root/lukssecretkey]] luks,check=ext2,retry=5 | ||
Revision as of 11:40, 27 August 2008
Encrypting a partition on Ubuntu 7.10 (Gutsy) using cryptsetup (LUKS)
- fdisk your partitions and remember them.
I will use sdb2 in my example.
- $ sudo apt-get install cryptsetup
- $ sudo cryptsetup luksFormat /dev/sdb2 -c aes -s 256 -h sha256
WARNING! ======== This will overwrite data on /dev/sdb2 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase:
This is where you make up a password.
- sudo cryptsetup luksOpen /dev/sdb2 backup
I called it backup, you can call it whatever you want. You can do
$ ls -la /dev/mapper
and you should be able to see it!
- $ sudo mke2fs -j /dev/mapper/backup -L backup
You can label it whatever you want, most people use the same as that in /dev/mapper/ for simplicity. This also assumes you want an ext3 filesystem (the -j option). Make whatever filesystem you prefer. You can now mount /dev/mapper/backup manually, or add it to /etc/fstab and /etc/crypttab if it's a static partition.
From passphrase prompt to a file
Although not recommended unless you're aware of the repercussions, you may wish to store the passphrase in a file on your system instead of being prompted. If this is the case, you can create a file either randomly:
$ sudo dd if=/dev/urandom of=/root/lukssecretkey bs=1024 count=4
or manually create a file with any passphrase in it you choose. Assuming sdc5 is the partition you want to encrypt, add the new key:
$ sudo cryptsetup luksAddKey /dev/sdc5 /root/lukssecretkey
finally you want to edit your /etc/crypttab entry to use the keyfile:
# <target name> <source device> <key file> <options> crypto /dev/sdc5 /root/lukssecretkey luks,check=ext2,retry=5
