Difference between revisions of "Cryptsetup"
From Christoph's Personal Wiki
(→Example) |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 4: | Line 4: | ||
*Create an encrypted file system on a given partition: | *Create an encrypted file system on a given partition: | ||
fdisk -cu /dev/xvde1 | fdisk -cu /dev/xvde1 | ||
| + | partx -a /dev/xvde | ||
cryptsetup luksFormat /dev/xvde1 | cryptsetup luksFormat /dev/xvde1 | ||
cryptsetup luksOpen /dev/xvde1 vault | cryptsetup luksOpen /dev/xvde1 vault | ||
| Line 11: | Line 12: | ||
*Edit <code>/etc/fstab</code> and add the following line: | *Edit <code>/etc/fstab</code> and add the following line: | ||
/dev/mapper/vault /vault ext4 defaults 1 2 | /dev/mapper/vault /vault ext4 defaults 1 2 | ||
| + | *Test mount points: | ||
| + | mount -a | ||
*Create/edit <code>/etc/crypttab</code> and add the following line: | *Create/edit <code>/etc/crypttab</code> and add the following line: | ||
vault /dev/xvde1 | vault /dev/xvde1 | ||
*Allow for automated boot with your <code>/vault</code> drive automatically mounted and password entered (this is a '''''very''''' bad idea, as it defeats the ''entire'' purpose of LUKS encrypted partitions): | *Allow for automated boot with your <code>/vault</code> drive automatically mounted and password entered (this is a '''''very''''' bad idea, as it defeats the ''entire'' purpose of LUKS encrypted partitions): | ||
| − | echo -n "vault /dev/xvde1 /root/vault" > /etc/crypttab | + | echo -n "vault /dev/xvde1 /root/.vault" > /etc/crypttab |
| − | echo -n "your_password" > /root/vault | + | echo -n "your_password" > /root/.vault |
| − | chown root /root/vault && chmod 600 /root/vault | + | chown root /root/.vault && chmod 600 /root/.vault |
| − | cryptsetup luksAddKey /dev/xvde1 /root/vault | + | cryptsetup luksAddKey /dev/xvde1 /root/.vault |
| + | *Close | ||
| + | cryptsetup luksClose vault | ||
| + | |||
| + | <!-- $ mount -o remount,rw / --> | ||
==External links== | ==External links== | ||
*[http://code.google.com/p/cryptsetup/ Official cryptsetup website] | *[http://code.google.com/p/cryptsetup/ Official cryptsetup website] | ||
[[Category:Linux Command Line Tools]] | [[Category:Linux Command Line Tools]] | ||
Latest revision as of 19:06, 5 May 2014
cryptsetup is utility used to conveniently setup disk encryption based on dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.
Example
- Create an encrypted file system on a given partition:
fdisk -cu /dev/xvde1 partx -a /dev/xvde cryptsetup luksFormat /dev/xvde1 cryptsetup luksOpen /dev/xvde1 vault mkfs.ext4 /dev/mapper/vault mkdir /vault
- Edit
/etc/fstaband add the following line:
/dev/mapper/vault /vault ext4 defaults 1 2
- Test mount points:
mount -a
- Create/edit
/etc/crypttaband add the following line:
vault /dev/xvde1
- Allow for automated boot with your
/vaultdrive automatically mounted and password entered (this is a very bad idea, as it defeats the entire purpose of LUKS encrypted partitions):
echo -n "vault /dev/xvde1 /root/.vault" > /etc/crypttab echo -n "your_password" > /root/.vault chown root /root/.vault && chmod 600 /root/.vault cryptsetup luksAddKey /dev/xvde1 /root/.vault
- Close
cryptsetup luksClose vault
