Jan 22 2010 linux crypto

How to encrypt a Linux partition.

The goal of this article is to set up a partition under Linux on which all stored data is encrypted and ‘inaccessible’ to those without the correct key (of course, with all the password-cracking software out there today, who knows what really is secure). This is actually a very simple task, with instructions scattered over the Internet, so I simply consolidated the most useful directions I found into the guide below:

Partition Device to encrypt      /dev/sda1
Encrypted-Partition Device       /dev/mapper/enc
Encrypted-filesystem Mount Point /mnt/enc

Guide:

  1. umount /dev/sda1
  2. dd if=/dev/urandom of=/etc/enc-key bs=1c count=32
  3. Make sure /etc/enc-key is readable only by root; you will need this file wherever you want to access the enc filesystem
  4. cryptsetup -d /etc/enc-key create enc /dev/sda1 # feel free to alter options to alter cipher, algorithm, etc
  5. mkfs.ext3 /dev/mapper/enc
  6. mkdir /mnt/enc
  7. mount /dev/mapper/enc /mnt/enc
  8. Edit /etc/crypttab and add: "enc /dev/sda1 /etc/enc-key cipher=aes"
  9. Edit /etc/fstab and add: "/dev/mapper/enc /mnt/enc ext3 defaults 0 0"
  10. Copy the key to a secure location. Though not technically required, should you lose /etc/enc-key you will not be able to access the data on your partition. It is recommended to copy this file to a secure location, off network, physically locked if possible.

From now on, /mnt/enc will be automounted and any subsequent reads / writes to the filesystem will be automatically encrypted / decrypted so long as /etc/enc-key exists and is registered with the partition in /etc/crypttab. I’m sure there are a million other ways to do this (it is Linux after all), some of which are probably more secure, but this is a simple, quick setup that should get you started in no time.
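Steps 3, 8 and 9 give no commands for confirming the result, so here is an added audit script (not part of the original post) that checks the key file's owner, mode and size and looks for the crypttab and fstab entries. The function names are hypothetical, GNU `stat` is assumed, and the demo at the end runs on constructed throwaway files.

```shell
# Added example: audit the key file and crypttab/fstab entries from the guide.
# Function names are hypothetical; paths are arguments so copies can be tested.

# check_key FILE [OWNER_UID] [SIZE]: pass only if FILE is a regular file (not a
# symlink), owned by OWNER_UID (default 0 = root), closed to group/other, and
# SIZE bytes long (default 32, matching "bs=1c count=32" in step 2).
check_key() {
    key=$1; want_uid=${2:-0}; want_size=${3:-32}
    if [ ! -f "$key" ] || [ -L "$key" ]; then
        echo "FAIL: $key is missing or not a regular file"; return 1
    fi
    set -- $(stat -c '%a %u %s' "$key")   # GNU stat: octal mode, owner uid, size
    case $1 in
        *00|0) ;;                          # group and other digits are both 0
        *) echo "FAIL: $key has mode $1, open beyond its owner"; return 1 ;;
    esac
    [ "$2" = "$want_uid" ] || { echo "FAIL: $key owned by uid $2, want $want_uid"; return 1; }
    [ "$3" = "$want_size" ] || { echo "FAIL: $key is $3 bytes, want $want_size"; return 1; }
}

# has_entry FILE FIELD1 FIELD2 [FIELD3]: pass if a line's leading fields match.
# Commented-out lines never match because "#" ends up in field 1.
has_entry() {
    awk -v a="$2" -v b="$3" -v c="${4:-}" \
        '$1 == a && $2 == b && (c == "" || $3 == c) { ok = 1 } END { exit !ok }' "$1"
}

# audit_enc KEY CRYPTTAB FSTAB [OWNER_UID]: run every check, report all failures.
audit_enc() {
    rc=0
    check_key "$1" "${4:-0}" || rc=1
    has_entry "$2" enc /dev/sda1 "$1" || { echo "FAIL: $2 lacks: enc /dev/sda1 $1"; rc=1; }
    has_entry "$3" /dev/mapper/enc /mnt/enc || { echo "FAIL: $3 lacks /dev/mapper/enc"; rc=1; }
    return $rc
}

# Constructed demo on throwaway copies, not the real /etc files.
demo() {
    d=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$d/enc-key" bs=1 count=32 2>/dev/null; chmod 600 "$d/enc-key"
    echo "enc /dev/sda1 $d/enc-key cipher=aes" > "$d/crypttab"
    echo "/dev/mapper/enc /mnt/enc ext3 defaults 0 0" > "$d/fstab"
    audit_enc "$d/enc-key" "$d/crypttab" "$d/fstab" "$(id -u)" && echo "OK: all checks pass"
    chmod 644 "$d/enc-key"                 # simulate a key readable by everyone
    audit_enc "$d/enc-key" "$d/crypttab" "$d/fstab" "$(id -u)" || echo "OK: loose mode caught"
    rm -rf "$d"
}
demo
```

On the real system the equivalent call, run as root, is `audit_enc /etc/enc-key /etc/crypttab /etc/fstab`.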

Resources:

http://www.linuxjournal.com/article/7743

http://www.linux.com/articles/36596