Create and format encrypted partition:
Create a new partition using parted:
Type the command ‘parted’ at the command line
#parted
This will bring up the parted command-line utility.
Type ‘m’ for help
(parted) mkpart
Partition type? Primary/Extend: P
Filesystem Type: ext4
Start?
(parted) print - to view all partitions
Finally, format the newly created partition
#mkfs.ext4 /dev/sda3
Encrypt the partition with cryptsetup
#cryptsetup luksFormat /dev/sda3
Enter Key to encrypt file system:
Re-enter Key:
#cryptsetup luksOpen /dev/sda3 myvol
(Open the encrypted partition with some name; here I used myvol)
Check that the filesystem is properly opened. If it is, there will be an entry
#ls -lh /dev/mapper/
lrwxrwxrwx. 1 root root 7 Jan 31 16:43 myvol -> ../dm-2
To mount myvol automatically during boot, add an fstab entry
/dev/mapper/myvol /test1 ext4 defaults 1 2
To mount by UUID, run
#blkid
This will list all the filesystems with their UUIDs
Finally, add an fstab entry with the UUID
UUID="32-digit-number" /test1 ext4 defaults 1 2
More important is to add an entry in /etc/crypttab as
myvol /dev/sda3
crypttab describes encrypted block devices that are set up during system boot.
During boot, the system will ask for the password to mount /dev/mapper/myvol on the /test1 directory.
To set up automatic mounting without a password, add a key file for /dev/mapper/myvol. This has to be in /etc/crypttab as well.
#cryptsetup luksAddKey /dev/sda3 /home/test/test.txt
Enter the passphrase: (the password which was used to encrypt the filesystem/partition)
The new key has been added to file /home/test/test.txt. Include this file in crypttab, and the next time the system reboots, the encrypted partition /dev/sda3 will be automatically mounted on the /test1 directory
#cat /etc/crypttab
myvol /dev/sda3 /home/test/test.txt
The format is,
mount_point partition_name /path/to/passphrase/file
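A consistency check for the two files edited above, as an added example that is not part of the original post: it flags crypttab key files that are missing or readable by group/others (anyone who can read the key file can open the volume), and /dev/mapper entries in fstab that have no matching crypttab line. The function name and finding labels are made up for this example, and it assumes every /dev/mapper entry in fstab is a LUKS mapping (LVM volumes would also match).

```shell
#!/bin/sh
# Added example: audit crypttab/fstab files laid out as in the post.
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_crypttab() {
    crypttab=$1; fstab=$2; audit_rc=0

    # Pass 1: crypttab lines are "<name> <device> [<key file>]".
    while read -r name device keyfile _rest; do
        case $name in ''|\#*) continue ;; esac      # skip blanks and comments
        case $keyfile in
            ''|none|-) continue ;;                  # no key file: prompt at boot
        esac
        if [ ! -f "$keyfile" ]; then
            echo "MISSING_KEYFILE $name $keyfile"; audit_rc=1
        else
            # Characters 5-10 of the ls mode string are the group/other bits.
            perms=$(ls -ldL "$keyfile" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "KEYFILE_PERMS $name $keyfile"; audit_rc=1
            fi
        fi
    done < "$crypttab"

    # Pass 2: every /dev/mapper/<name> mounted from fstab needs a crypttab
    # line, otherwise the mapping does not exist when the mount is attempted.
    # Assumption: all /dev/mapper entries here are LUKS mappings.
    while read -r spec _rest; do
        case $spec in
            /dev/mapper/*)
                name=${spec#/dev/mapper/}
                if ! awk -v n="$name" '$1 == n { f = 1 } END { exit !f }' "$crypttab"; then
                    echo "NO_CRYPTTAB_ENTRY $name"; audit_rc=1
                fi ;;
        esac
    done < "$fstab"
    return "$audit_rc"
}

# Usage on a real system (as root): audit_crypttab /etc/crypttab /etc/fstab
```

fstab lines that mount by UUID are skipped, since the UUID cannot be tied to a mapping name without querying the devices.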
Hello,
shouldn't the mkfs command appear after the encryption?
No. You can't format an encrypted file system.