Differences
This shows you the differences between two versions of the page.
cryptsetup [2013/08/22 12:03] |
cryptsetup [2013/08/22 12:03] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== crypsetup ====== | ||
+ | * [[Filesystems]] | ||
+ | * [[Gentoo]] | ||
+ | * [[mdadm]] | ||
+ | |||
+ | * [[http://www.jootamam.net/howto-basic-cryptsetup.htm|Howto: Basic cryptsetup]] | ||
+ | |||
+ | ==== Create New Encrypted Device ==== | ||
+ | |||
+ | In this example, a hard drive device ''/dev/sda'' will have three partitions: root, swap, encrypted filesystem. | ||
+ | |||
+ | Create an encrypted swap partition on ''/dev/sda2'': | ||
+ | |||
+ | <code> | ||
+ | cryptsetup -c blowfish -h sha256 -d /dev/random create swap /dev/sda2 | ||
+ | </code> | ||
+ | |||
+ | This will create the encrypted device ''/dev/mapper/swap''. At this point, you can format it as normal: | ||
+ | |||
+ | <code> | ||
+ | mkswap /dev/mapper/swap | ||
+ | </code> | ||
+ | |||
+ | Now, create the new encrypted device. It will not ask for a name here, only when you open it. | ||
+ | |||
+ | <code> | ||
+ | cryptsetup --verify-passphrase luksFormat /dev/sda3 | ||
+ | </code> | ||
+ | |||
+ | Unlock the encrypted device and name it ''luks0'': | ||
+ | |||
+ | <code> | ||
+ | cryptsetup luksOpen /dev/sda3 luks0 | ||
+ | </code> | ||
+ | |||
+ | Format the new device with a filesystem: | ||
+ | |||
+ | <code> | ||
+ | mkfs.ext4 /dev/mapper/luks0 | ||
+ | </code> | ||
+ | |||
+ | ==== Mount an Encrypted Device ==== | ||
+ | |||
+ | Access the encrypted device and give it a name, in this case ''luks0'': | ||
+ | |||
+ | <code> | ||
+ | cryptsetup luksOpen /dev/sda3 luks0 | ||
+ | </code> | ||
+ | |||
+ | This will create a device ''/dev/mapper/luks0'', which you can then mount as normal: | ||
+ | |||
+ | <code> | ||
+ | mount /dev/mapper/luks0 /mnt/luks0 | ||
+ | </code> |