Difference between revisions of "Cryptsetup"
From Christoph's Personal Wiki
(New page: '''<code>cryptsetup</code>''' is utility used to conveniently setup disk encryption based on dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCr...) |
(→Example) |
||
Line 15: | Line 15: | ||
*Allow for automated boot with your <code>/vault</code> drive automatically mounted and password entered (this is a '''''very''''' bad idea, as it defeats the ''entire'' purpose of LUKS encrypted partitions): | *Allow for automated boot with your <code>/vault</code> drive automatically mounted and password entered (this is a '''''very''''' bad idea, as it defeats the ''entire'' purpose of LUKS encrypted partitions): | ||
− | echo -n "vault /dev/xvde1 /root/vault | + | echo -n "vault /dev/xvde1 /root/vault" > /etc/crypttab |
echo -n "your_password" > /root/vault | echo -n "your_password" > /root/vault | ||
chown root /root/vault && chmod 600 /root/vault | chown root /root/vault && chmod 600 /root/vault |
Revision as of 04:12, 9 March 2014
cryptsetup
is utility used to conveniently setup disk encryption based on dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.
Example
- Create an encrypted file system on a given partition:
fdisk -cu /dev/xvde1 cryptsetup luksFormat /dev/xvde1 cryptsetup luksOpen /dev/xvde1 vault mkfs.ext4 /dev/mapper/vault mkdir /vault
- Edit
/etc/fstab
and add the following line:
/dev/mapper/vault /vault ext4 defaults 1 2
- Create/edit
/etc/crypttab
and add the following line:
vault /dev/vda5
- Allow for automated boot with your
/vault
drive automatically mounted and password entered (this is a very bad idea, as it defeats the entire purpose of LUKS encrypted partitions):
echo -n "vault /dev/xvde1 /root/vault" > /etc/crypttab echo -n "your_password" > /root/vault chown root /root/vault && chmod 600 /root/vault cryptsetup luksAddKey /dev/xvde1 /root/vault