How to encrypt a linux partition. Jan 22, 2010
Essentially the goal for this article is to setup a partition under Linux under which all data that is stored will be encrypted and ‘inaccessible’ to those without the correct key (course with all the password-cracking software out there today, who knows what really is secure). This is actually a very simple task, with instructions scattered over the Internet, so I just simply consolidated the most useful directions I found into the guide below:
Partition Device to encrypt /dev/sda1 Encrypted-Partition Device /dev/mapper/enc Enrypted-filesystem Mount Point /mnt/enc
- umount /dev/sda1
- dd if=/dev/urandom of=/etc/enc-key bs=1c count=32
- make sure /etc/enc-key is only readable by root, you will need this file wherever you want to access the enc filesystem
- cryptsetup -d /etc/enc-key create enc /dev/sda1 # feel free to alter options to alter cipher, algorithm, etc
- mkfs.ext3 /dev/mapper/enc
- mkdir /mnt/enc
- mount /dev/mapper/enc /mnt/enc
- edit /etc/crypttab and add: “enc /dev/sda1 /etc/enc-key cipher=aes”
- edit /etc/fstab and add: ??? “/dev/mapper/enc /mnt/enc ext3 defaults 0 0”
- Copy key to a secure location. Though not technically required, should you loose /etc/enc-key you will not be able to access the data on your partition. To do this, it is recommended copying this file to a secure location, off network, physically locked if possible.
From now out, /mnt/enc will be automounted and any subsequent read / writes to the filesystem will be automatically encrypted / decrypted so long as /etc/enc-key exists and is registered w/ the partition in /etc/crypttab. I’m sure there are a million other ways to do this (it is Linux afterall), some of which are probably more secure, but this is a simply, quick, setup that should get you started in no time.