Encrypting a partition with cryptsetup
January 20th, 2008
Random Data
To make the encryption secure you need to fill the partition with random data beforehand. This ensures that no information about the encryption key can be gained from an analysis.
Find out where your partition is mounted. Make sure it is really the correct path; you don’t want to overwrite the wrong partition. For me, it was /dev/sdb2, so I called
dd if=/dev/urandom of=/dev/sdb2
Be aware that, depending on the size of the partition and the CPU speed, this may take up to a couple of hours. In my case it took about 1.14 hours to write 12 gigabytes.
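An added example, not part of the original post: a check to run before the dd and luksFormat steps that refuses a target which is not a block device or is currently mounted or used as swap. The function names are made up here; the table layouts are those of /proc/mounts and /proc/swaps.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are made up;
# the table layouts are those of /proc/mounts and /proc/swaps.

# device_in_use DEVICE [MOUNTS_FILE] [SWAPS_FILE]
# Returns 0 and prints the reason if DEVICE is mounted or active swap.
device_in_use() {
    dev=$1
    mounts=${2:-/proc/mounts}
    swaps=${3:-/proc/swaps}

    # /proc/mounts: "<source> <mount point> <fstype> <options> ..."
    while read -r src target rest; do
        if [ "$src" = "$dev" ]; then
            echo "$dev is mounted on $target"
            return 0
        fi
    done < "$mounts"

    # /proc/swaps: one header line, then "<filename> <type> <size> ..."
    {
        read -r header || :
        while read -r src rest; do
            if [ "$src" = "$dev" ]; then
                echo "$dev is active swap"
                return 0
            fi
        done
    } < "$swaps"

    return 1
}

# safe_to_wipe DEVICE: returns 0 only for an existing, unused block device.
safe_to_wipe() {
    target_dev=$(readlink -f "$1") || return 1
    if [ ! -b "$target_dev" ]; then
        echo "$target_dev is not a block device" >&2
        return 1
    fi
    if device_in_use "$target_dev" >&2; then
        return 1
    fi
    return 0
}

# Usage before the dd step above:
#   safe_to_wipe /dev/sdb2 && dd if=/dev/urandom of=/dev/sdb2
```

The check does not see a partition that is held open through device-mapper (for example one already opened with luksOpen), so the device list is still worth a look before writing.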
Create Encrypted Partition
Before you start creating the encrypted partition, ensure that the following modules are loaded.
modprobe aes
modprobe dm_mod
modprobe dm_crypt
1. Create the device mapping.
cryptsetup -v --key-size 256 luksFormat /dev/sdb2
It will ask you “Are you sure?(Type uppercase yes):” but I always got “Command failed.” Why? I did not read the question. This took me a while to figure out, but the trick is to “Type uppercase yes”. Duh!
2. View the details of the encrypted partition.
cryptsetup luksDump /dev/sdb2
3. Open the encrypted partition.
cryptsetup luksOpen /dev/sdb2 backup
This should have created an entry in /dev/mapper, called backup.
4. Create a file system on the new device.
/sbin/mkfs.ext3 -O dir_index,resize_inode /dev/mapper/backup
I used ext3, but you can use any file system you like.
5. Mount the encrypted partition.
mkdir /mnt/backup
mount /dev/mapper/backup /mnt/backup
Done. At least it worked for me.
Regular Mounting
Whenever I connect my backup drive, I have to call
cryptsetup luksOpen /dev/sdb2 backup
mount /dev/mapper/backup /mnt/backup
or use GNOME which does it automatically.






