The partition can be a whole disk (a pendrive per example), a partition or even a lvm volume. In this case, we are going to use a lvm volume using a hard disk
Once opened, we can access it as a non-encrypted partition available under /dev/mapper/crypt (all the names can be changed to something more suitable for you), so we can format and access it like a normal partition.
root@squeeze:~# mkfs.ext4 /dev/mapper/crypt
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
51000 inodes, 203772 blocks
10188 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
25 block groups
8192 blocks per group, 8192 fragments per group
2040 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 36 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
root@squeeze:~# mount /dev/mapper/crypt /media/crypt/
If you are using a graphical desktop, like GNOME, it can manage it automatically with Nautilus, asking you the pass-phrase and root password.
You can avoid to work in the command line using the /etc/crypttab file, to open this filesystem during system boot. The systax of this file is pretty simple:
Using the disk UUID we can avoid future problems of the disk not being in the same path (like a pendrive)
At boot time, the system will ask for the passphare to open the encrypted disk
We can also especify a file with the key, to avoid this question. We can have a external usb drive with this file, or we can have this key files locally, to open external usb drives.
The partition can be a whole disk (a pendrive per example), a partition or even a lvm volume. In this case, we are going to use a lvm volume using a hard disk
After this, the best thing to do is to write random data in the partition to generate noise.
root@squeeze:~# dd if=/dev/urandom of=/dev/mapper/vol0-lv_crypt dd: writing to `/dev/mapper/vol0-lv_crypt': No space left on device 409601+0 records in 409600+0 records out 209715200 bytes (210 MB) copied, 60.7331 s, 3.5 MB/s
Finally, we create/format the encrypted partition, and open it to have it available to the system
WARNING! ======== This will overwrite data on /dev/mapper/vol0-lv_crypt irrevocably.
Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: root@squeeze:~# cryptsetup luksOpen /dev/mapper/vol0-lv_crypt crypt Enter passphrase for /dev/mapper/vol0-lv_crypt:
Once opened, we can access it as a non-encrypted partition available under /dev/mapper/crypt (all the names can be changed to something more suitable for you), so we can format and access it like a normal partition.
root@squeeze:~# mkfs.ext4 /dev/mapper/crypt mke2fs 1.41.12 (17-May-2010) Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) Stride=0 blocks, Stripe width=0 blocks 51000 inodes, 203772 blocks 10188 blocks (5.00%) reserved for the super user First data block=1 Maximum filesystem blocks=67371008 25 block groups 8192 blocks per group, 8192 fragments per group 2040 inodes per group Superblock backups stored on blocks: 8193, 24577, 40961, 57345, 73729
This filesystem will be automatically checked every 36 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override.
root@squeeze:~# mount /dev/mapper/crypt /media/crypt/
If you are using a graphical desktop, like GNOME, it can manage it automatically with Nautilus, asking you the pass-phrase and root password.
You can avoid to work in the command line using the /etc/crypttab file, to open this filesystem during system boot. The systax of this file is pretty simple:
Using the disk UUID we can avoid future problems of the disk not being in the same path (like a pendrive)
At boot time, the system will ask for the passphare to open the encrypted disk
We can also especify a file with the key, to avoid this question. We can have a external usb drive with this file, or we can have this key files locally, to open external usb drives.
