Difference between revisions of "Cryptsetup"

From Christoph's Personal Wiki
Jump to: navigation, search
(New page: '''<code>cryptsetup</code>''' is utility used to conveniently setup disk encryption based on dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCr...)
(No difference)

Revision as of 18:32, 27 February 2014

cryptsetup is utility used to conveniently setup disk encryption based on dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

Example

  • Create an encrypted file system on a given partition:
fdisk -cu /dev/xvde1
cryptsetup luksFormat /dev/xvde1
cryptsetup luksOpen /dev/xvde1 vault
mkfs.ext4 /dev/mapper/vault
mkdir /vault
  • Edit /etc/fstab and add the following line:
/dev/mapper/vault  /vault  ext4  defaults  1 2
  • Create/edit /etc/crypttab and add the following line:
vault  /dev/vda5
  • Allow for automated boot with your /vault drive automatically mounted and password entered (this is a very bad idea, as it defeats the entire purpose of LUKS encrypted partitions):
echo -n "vault  /dev/xvde1  /root/vault
echo -n "your_password" > /root/vault
chown root /root/vault && chmod 600 /root/vault
cryptsetup luksAddKey /dev/xvde1 /root/vault

External links