Azimout's Linux weblog

encrypted data partition

leave a comment »

I’ve found several tutorials on how to create an encrypted partition under Linux, but most of them focus either on encrypted root/swap partitions, or on removable drives. My goal is to have an encrypted data partition, where I keep my work and private data safe.

Here’s the steps:

  1. Install cryptsetup: sudo aptitude install cryptsetup
  2. Unmount the partition: sudo umount /dev/sda1 (replace sda1 with your own partition; be very careful!)
  3. (optional) Overwrite with random data: sudo dd if=/dev/urandom of=/dev/sda1 bs=4K
  4. Create the encrypted partition: sudo cryptsetup luksFormat /dev/sda1 -c aes -s 256 -h sha256 -y
  5. Connect the partition: sudo cryptsetup luksOpen /dev/sda1 data
  6. Format to ext4: sudo mke2fs -t ext4 /dev/mapper/data -L data

Afterwards, to use it, you need to:

  1. add aes_generic and dm-crypt to /etc/modules
  2. add “data /dev/sda1 none luks,cipher=aes,size=256,hash=sha256” to /etc/crypttab (note: this will prompt for your passphrase during boot)
  3. change your /etc/fstab to mount /dev/mapper/data

If you want to mount it manually instead of at boot time, do this:

  1. sudo modprobe dm-crypt aes_generic
  2. sudo cryptsetup luksOpen /dev/sda1 data
  3. sudo mount -t ext4 -U <UUID> /media/data -o rw,auto,async,user,exec,relatime



Written by azimout

07/04/2009 at 11:05

Posted in Reference

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: