Differences
This shows you the differences between two versions of the page.
|
cryptsetup [2013/08/22 12:03] |
cryptsetup [2013/08/22 12:03] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== crypsetup ====== | ||
| + | * [[Filesystems]] | ||
| + | * [[Gentoo]] | ||
| + | * [[mdadm]] | ||
| + | |||
| + | * [[http://www.jootamam.net/howto-basic-cryptsetup.htm|Howto: Basic cryptsetup]] | ||
| + | |||
| + | ==== Create New Encrypted Device ==== | ||
| + | |||
| + | In this example, a hard drive device ''/dev/sda'' will have three partitions: root, swap, encrypted filesystem. | ||
| + | |||
| + | Create an encrypted swap partition on ''/dev/sda2'': | ||
| + | |||
| + | <code> | ||
| + | cryptsetup -c blowfish -h sha256 -d /dev/random create swap /dev/sda2 | ||
| + | </code> | ||
| + | |||
| + | This will create the encrypted device ''/dev/mapper/swap''. At this point, you can format it as normal: | ||
| + | |||
| + | <code> | ||
| + | mkswap /dev/mapper/swap | ||
| + | </code> | ||
| + | |||
| + | Now, create the new encrypted device. It will not ask for a name here, only when you open it. | ||
| + | |||
| + | <code> | ||
| + | cryptsetup --verify-passphrase luksFormat /dev/sda3 | ||
| + | </code> | ||
| + | |||
| + | Unlock the encrypted device and name it ''luks0'': | ||
| + | |||
| + | <code> | ||
| + | cryptsetup luksOpen /dev/sda3 luks0 | ||
| + | </code> | ||
| + | |||
| + | Format the new device with a filesystem: | ||
| + | |||
| + | <code> | ||
| + | mkfs.ext4 /dev/mapper/luks0 | ||
| + | </code> | ||
| + | |||
| + | ==== Mount an Encrypted Device ==== | ||
| + | |||
| + | Access the encrypted device and give it a name, in this case ''luks0'': | ||
| + | |||
| + | <code> | ||
| + | cryptsetup luksOpen /dev/sda3 luks0 | ||
| + | </code> | ||
| + | |||
| + | This will create a device ''/dev/mapper/luks0'', which you can then mount as normal: | ||
| + | |||
| + | <code> | ||
| + | mount /dev/mapper/luks0 /mnt/luks0 | ||
| + | </code> | ||
