Cryptsetup: Difference between revisions
Latest revision as of 15:26, 31 July 2019
Find encrypted partitions
- $ lsblk -lf | grep LUKS
Manually mounting an encrypted partition
- $ sudo cryptsetup luksOpen /dev/sda1 encrypted_partition
- $ sudo mkdir /media/decrypted_partition
- $ sudo mount /dev/mapper/encrypted_partition /media/decrypted_partition
Manually unmounting a temporarily decrypted partition
- $ sudo umount /media/decrypted_partition
- $ sudo cryptsetup luksClose encrypted_partition
Encrypting a partition on Ubuntu 7.10 (Gutsy) using cryptsetup (LUKS)
- fdisk your partitions and remember them.
I will use sdb2 in my example.
- $ sudo apt-get install cryptsetup
- $ sudo cryptsetup luksFormat /dev/sdb2 -c aes -s 256 -h sha256
WARNING!
========
This will overwrite data on /dev/sdb2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
This is where you make up a password.
- $ sudo cryptsetup luksOpen /dev/sdb2 backup
I called it backup; you can call it whatever you want. To check that the mapping exists, you can do
$ ls -la /dev/mapper
and you should be able to see it!
- $ sudo mke2fs -j /dev/mapper/backup -L backup
You can label it whatever you want; most people use the same name as the one in /dev/mapper/ for simplicity. This also assumes you want an ext3 filesystem (the -j option). Make whatever filesystem you prefer. You can now mount /dev/mapper/backup manually, or add it to /etc/fstab and /etc/crypttab if it's a static partition.
From passphrase prompt to a file
Although not recommended unless you're aware of the repercussions, you may wish to store the passphrase in a file on your system instead of being prompted. If this is the case, you can either create a file of random data:
$ sudo dd if=/dev/urandom of=/root/lukssecretkey bs=1024 count=4
or manually create a file with any passphrase in it you choose. Assuming sdc5 is the partition you want to encrypt, add the new key:
$ sudo cryptsetup luksAddKey /dev/sdc5 /root/lukssecretkey
Finally, edit your /etc/crypttab entry to use the key file:
# <target name> <source device> <key file> <options>
crypto /dev/sdc5 /root/lukssecretkey luks,check=ext2,retry=5
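With a key file in /etc/crypttab, anyone who can read that file can unlock the volume, so its permissions matter as much as the passphrase did. The script below is an added example, not part of the original wiki page: it checks that every key file named in a crypttab-format file is readable by its owner only and owned by the expected uid. The function names audit_crypttab and demo, the finding labels and the temporary paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the key files referenced from a crypttab-format file.
# Usage: audit_crypttab [crypttab] [expected_owner_uid]
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_crypttab() {
    tab=${1:-/etc/crypttab}
    want_uid=${2:-0}                               # key files normally belong to root
    findings=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|\#*) continue ;; esac     # blank line or comment
        case $key in ''|none|-) continue ;; esac   # passphrase prompt, no key file
        if [ ! -e "$key" ]; then
            echo "MISSING $name $key"
            findings=$((findings + 1))
            continue
        fi
        [ -f "$key" ] || continue                  # device node such as /dev/urandom
        set -- $(ls -ldn "$key")                   # fields: mode links uid gid ...
        case $1 in
            ????------*) ;;                        # no group or other permission bits
            *) echo "PERMS $name $key $1"; findings=$((findings + 1)) ;;
        esac
        if [ "$3" != "$want_uid" ]; then
            echo "OWNER $name $key uid=$3"
            findings=$((findings + 1))
        fi
    done < "$tab"
    [ "$findings" -eq 0 ]
}

# Constructed demo: the page's crypttab entry, pointed at a temporary key file
# created with the given mode (the real path would be /root/lukssecretkey).
demo() {
    d=$(mktemp -d)
    dd if=/dev/urandom of="$d/lukssecretkey" bs=1024 count=4 2>/dev/null
    chmod "$1" "$d/lukssecretkey"
    printf '%s\n' '# <target name> <source device> <key file> <options>' \
        "crypto /dev/sdc5 $d/lukssecretkey luks,check=ext2,retry=5" > "$d/crypttab"
    rc=0
    audit_crypttab "$d/crypttab" "$(id -u)" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo 644 || echo "(finding reported above)"
demo 400 && echo "key file permissions OK"
```

On a real system, run `sudo sh -c '. ./audit.sh; audit_crypttab'` (file name assumed) to check /etc/crypttab against uid 0; a PERMS finding is fixed with `sudo chmod 0400` on the key file.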