Linux Disk encryption in 2 easy steps
How to create an encrypted memory stick, USB disk, or partition with Linux
Initial Setup
These steps create a freshly initialised encrypted partition on any block device (e.g. memory
stick, memory card, USB disk, internal hard-disk partition, DVD-RAM disc, etc.).
Any existing data on the partition will be lost, so it must be
backed up first!
- Open a console and type the following command to initialise the partition with random
data (depending on your system configuration you might need to do this as the 'root' user):
dd if=/dev/urandom of=/dev/sdXX bs=512
('sdXX' needs to be replaced by the actual device name of the partition to be encrypted).
With a large partition or on a slow system this command can take a long time!
- The following command creates the encrypted device 'partname', mapped onto the physical device /dev/sdXX:
cryptsetup -y -c twofish-cbc-essiv:sha256 create partname /dev/sdXX
(where 'partname' can be any suitable unique name for the encrypted partition)
At this point you will be asked for a passphrase; choose one that is easy enough for you to remember
but hard for anyone else to guess. You will have to enter it a second time to guard against accidental typos.
Remember: if you forget your passphrase, you won't be able to access your data on the encrypted partition anymore!
That's it! You now have an encrypted partition ready for a filesystem to be created on it and then
mounted. The device name of the encrypted partition you have just created is:
/dev/mapper/partname
The following command creates an ext2 filesystem on it (ext2 is better suited to flash-based disk devices than ext3):
mkfs.ext2 -m 0 -I 128 /dev/mapper/partname
Now you can mount your encrypted partition with:
mount -o noatime,nodiratime /dev/mapper/partname /mountpoint
Day-to-day usage
Mounting a previously created encrypted partition:
cryptsetup -c twofish-cbc-essiv:sha256 create partname /dev/sdXX
mount -o noatime,nodiratime /dev/mapper/partname /mountpoint
Unmounting it again:
umount /dev/mapper/partname
cryptsetup remove partname
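As an added example (not part of the original how-to), here is a small POSIX sh wrapper for the day-to-day steps above that refuses to mount when no filesystem is recognised on the mapped device. Plain-mode dm-crypt stores no header, so a mistyped passphrase or a different '-c' spec yields an unreadable mapping without any error message, and the blkid check catches that before anything is mounted. It assumes 'partname', /dev/sdXX and /mountpoint as used in the how-to, and that blkid (util-linux) is installed.

```shell
#!/bin/sh
# Added example, not part of the original how-to.
# Wraps "cryptsetup create + mount" and "umount + cryptsetup remove" so that
# the mapped device is only mounted when a known filesystem is visible on it.
# A wrong passphrase or cipher spec in plain mode gives no error: the mapping
# simply decrypts to noise, and mounting (or, worse, mkfs) would go ahead.

# Cipher spec from the how-to; it must match what was used at creation time,
# because plain-mode dm-crypt does not record it anywhere on the disk.
CIPHER="twofish-cbc-essiv:sha256"

# Path of the device-mapper node for a given mapping name.
mapper_path() {
    printf '/dev/mapper/%s\n' "$1"
}

# Return 0 if the filesystem type reported by blkid is one we expect to find
# on this partition (the how-to creates ext2; ext3/ext4 are accepted too).
fs_type_ok() {
    case "$1" in
        ext2|ext3|ext4) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: crypt_mount partname /dev/sdXX /mountpoint
crypt_mount() {
    name=$1; dev=$2; mnt=$3
    cryptsetup -c "$CIPHER" create "$name" "$dev" || return 1
    # blkid prints nothing (and exits non-zero) when the mapping holds noise.
    fstype=$(blkid -o value -s TYPE "$(mapper_path "$name")" 2>/dev/null)
    if ! fs_type_ok "$fstype"; then
        echo "no known filesystem on $(mapper_path "$name"):" \
             "wrong passphrase or cipher spec? not mounting" >&2
        cryptsetup remove "$name"
        return 1
    fi
    mount -o noatime,nodiratime "$(mapper_path "$name")" "$mnt"
}

# Usage: crypt_umount partname
crypt_umount() {
    umount "$(mapper_path "$1")" && cryptsetup remove "$1"
}
```

Both functions need the same privileges as the manual commands in the how-to (normally root).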
If you have any comments, questions or suggestions about this procedure, please post them on the dedicated thread on the Mandrivausers.org forum at:
mandrivausers.org/index.php?showtopic=81004
For more information please read the 'cryptsetup' man-page and have a look at the following excellent (but long) guide from Justin Wells:
www.shimari.com/dm-crypt-on-raid
[08-Mar-2009 - art-linux_disk_encryption_mini_how-to]