@mrphs
Last active January 18, 2017 01:22
How to setup an encrypted partition with LUKS (cryptsetup)

Step 0

$ sudo apt-get install cryptsetup

Step 1

Use lsblk to get the list of available devices:

$ lsblk

Sample output:

NAME  MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda   202:1    0   8G  0 disk /
sdb               50G  0 disk 
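
A pre-flight check for the destructive luksFormat step, as an added example that is not part of the original gist: it reads lsblk output and refuses a device that is mounted, carries partitions, or already backs an open mapping. The function name check_target, the lsblk column selection and the sample outputs are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the gist): decide whether a device is safe to luksFormat.
# Assumed input: output of  lsblk -nrpo NAME,TYPE,MOUNTPOINT <device>
# i.e. one line for the device, then one line per partition or mapping on it.

# check_target DEVICE LSBLK_TEXT -> prints a verdict, returns 0 only when safe.
check_target() {
    printf '%s\n' "$2" | awk -v dev="$1" '
        NF == 0   { next }
        $1 == dev { seen = 1; kind = $2 }
        $1 != dev { children++ }
        $3 != ""  { mounted = mounted " " $1 "->" $3 }
        END {
            if (!seen) { print "REFUSE: " dev " not listed by lsblk"; exit 1 }
            if (kind != "disk" && kind != "part") {
                print "REFUSE: " dev " has type " kind; exit 1 }
            if (mounted != "") { print "REFUSE: in use:" mounted; exit 1 }
            if (children > 0) {
                print "REFUSE: " dev " has " children " child device(s)"; exit 1 }
            print "OK: " dev " is an unused " kind
        }'
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_EMPTY='/dev/sdb disk'
SAMPLE_ROOT='/dev/sda disk /'
SAMPLE_OPEN='/dev/sdb disk
/dev/mapper/data crypt /data'
SAMPLE_PARTS='/dev/sdc disk
/dev/sdc1 part
/dev/sdc2 part'

check_target /dev/sdb "$SAMPLE_EMPTY" || true
check_target /dev/sda "$SAMPLE_ROOT"  || true
check_target /dev/sdb "$SAMPLE_OPEN"  || true
check_target /dev/sdc "$SAMPLE_PARTS" || true
```

On a real system, pass "$(lsblk -nrpo NAME,TYPE,MOUNTPOINT /dev/sdb)" as the second argument and run luksFormat only when the function returns 0.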

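Now run cryptsetup. This and the other cryptsetup, mkfs and mount commands below need root; prefix them with sudo if you are not in a root shell.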

Warning: The following command will remove all data on the partition that you are encrypting (/dev/sdb). You WILL lose all your information!

$ cryptsetup -y -v luksFormat /dev/sdb

Remember: there's no way to recover this passphrase. Make sure you'll remember it in the future, otherwise you'll lose all your data.

Remember: you need to type YES in uppercase. You're welcome.

WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
 
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.

Step 2

Open the encrypted volume and map it to data or whatever name you want.

$ cryptsetup luksOpen /dev/sdb data

You'll have to enter the passphrase now.

To verify the mapping, run the following command:

$ ls -l /dev/mapper/data

You should see something like this:

lrwxrwxrwx 1 root root 7 Oct 19 19:37 /dev/mapper/data -> ../dm-0

To see the status of the mapping:

$ cryptsetup -v status data

If you are curious to see the LUKS header, you can run:

$ cryptsetup luksDump /dev/sdb

Step 3

Write zeros to your newly encrypted device (/dev/mapper/data). Because the zeros pass through the encryption layer, the underlying disk is filled with ciphertext, so the outside world sees the whole device as random data. This could protect you against usage-pattern attacks, etc.:

$ pv -tpreb /dev/zero | dd of=/dev/mapper/data bs=1024M

Note 1: I've used pv in the example to see the progress. To install pv you can type:

$ sudo apt-get install pv -y

Note 2: To use dd without pv, you may use this command:

$ dd if=/dev/zero of=/dev/mapper/data

Either way, dd stops with a "No space left on device" error once the device is full; that is expected.

Now we need to create a filesystem. I've used ext4; you may choose whatever you like:

$ mkfs.ext4 /dev/mapper/data

Now that we've created one, we need to mount it:

$ mkdir /data
$ mount /dev/mapper/data /data

That's it.

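To make the newly created drive writable for all users, you probably need to do a:

$ sudo chmod 777 /data

Keep in mind that mode 777 lets every local account create and delete files there while the volume is mounted.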

To lock the drive and secure the data, you need to unmount it using this command:

$ umount /data

and then secure it with:

$ cryptsetup luksClose data

To remount:

$ cryptsetup luksOpen /dev/sdb data
$ mount /dev/mapper/data /data

To see if it's mounted successfully, type:

$ mount
