Cryptsetup uses dm-crypt to encrypt a disk at the partition level. In RHEL, cryptsetup is used with Linux Unified Key Setup (LUKS), a disk encryption specification. Opening a LUKS-encrypted partition requires a passphrase, which can be supplied either in a key file or interactively on the command line.
To use cryptsetup, you first need a free partition on a disk. In this instance I am using /dev/sdc1, which is a FreeAgent external USB drive.
First, initialize the LUKS partition. My target is /dev/sdc1. Note that luksFormat overwrites whatever is on the partition.
#cryptsetup luksFormat /dev/sdc1
Then open the LUKS partition to set up the device-mapper device. The command below creates /dev/mapper/chauhan
#cryptsetup luksOpen /dev/sdc1 chauhan
Create a key file if you want the device to be unlocked and mounted automatically at boot.
#vi /root/my.key && chmod 600 /root/my.key
Make cryptsetup aware of the key by adding it to a LUKS key slot
#cryptsetup luksAddKey /dev/sdc1 /root/my.key
Don't forget to make a filesystem on the mapped device
#mkfs -t ext4 /dev/mapper/chauhan
Then add the following to /etc/fstab. The device here is the /dev/mapper name created by luksOpen, not /dev/sdc1.
/dev/mapper/chauhan /data ext4 _netdev 1 1
And add the following to /etc/crypttab. Note that the first entry is the name of the /dev/mapper device.
chauhan /dev/sdc1 /root/my.key
To get the status of a device and to see the mapping between /dev/mapper and /dev/sdc1
#cryptsetup status /dev/mapper/chauhan
/dev/mapper//dev/mapper/chauhan is active:
cipher: aes-cbc-essiv:sha256
keysize: 128 bits
device: /dev/sdc1
offset: 1032 sectors
size: 2930270970 sectors
mode: read/write
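Make sure you keep track of when to use /dev/mapper/chauhan vs /dev/sdc1 in the commands above: the luks* commands operate on the underlying partition, while mkfs and /etc/fstab use the mapped device.
You can also inspect the LUKS header and its key slots with luksDump.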
#cryptsetup luksDump /dev/devicename
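A mapping name in /etc/fstab that does not match /etc/crypttab, or a key file readable by other users, usually only shows up at the next boot. The shell function below is an added example, not part of the original post; it cross-checks the two files for those two problems. The function name check_luks_config is hypothetical.

```shell
#!/bin/sh
# Added example: cross-check crypttab and fstab before rebooting.
# Usage: check_luks_config CRYPTTAB FSTAB
# Prints one line per problem; the return status is the number of problems.
check_luks_config() {
    crypttab=$1; fstab=$2; problems=0

    # 1. Every /dev/mapper/NAME mounted in fstab needs a crypttab entry
    #    whose first field is NAME (commented lines never match).
    for dev in $(awk '$1 ~ "^/dev/mapper/" {print $1}' "$fstab"); do
        name=${dev#/dev/mapper/}
        if ! awk -v n="$name" '$1 == n {found=1} END {exit !found}' "$crypttab"; then
            echo "fstab mounts $dev but crypttab has no mapping named $name"
            problems=$((problems + 1))
        fi
    done

    # 2. Every key file in crypttab's third field must exist and must grant
    #    nothing to group or other ("none" and "-" mean: ask for a passphrase).
    for key in $(awk '$1 !~ "^#" && NF >= 3 && $3 != "none" && $3 != "-" {print $3}' "$crypttab"); do
        if [ ! -f "$key" ]; then
            echo "key file $key is missing"
            problems=$((problems + 1))
        else
            # Characters 5-10 of the ls mode string are the group/other bits.
            mode=$(ls -ld "$key" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "key file $key is accessible to group or other ($mode)"
                problems=$((problems + 1))
            fi
        fi
    done
    return "$problems"
}
```

Run it as root with `check_luks_config /etc/crypttab /etc/fstab`; no output and a zero exit status mean both checks passed.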