User Tools

Site Tools


howtos:encrypted_disk_partition

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

howtos:encrypted_disk_partition [d/m/Y H:i] (current)
Line 1: Line 1:
 +Quick'n'Dirty how to make a LUKS encrypted disk partition.
 +
 +I'm encrypting the first partition on the disk called hdc.
 +
 +Make luks device: 
 +<code>
 +cryptsetup -y --cipher aes --key-size 128 luksFormat /dev/hdc1
 +</code>
 +If you choose to use sha256 instead, you will get something like this:
 +<code>
 +Failed to setup dm-crypt key mapping.
 +Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/hdc1 contains at least 133 sectors.
 +</code>
 +This is because you're using the geode_aes kernel module which only support sha128. You can get it to "eat" a sha256 but you will have to unload geode_aes (sudo rmmod geode_aes) and load the generic aes module (sudo modprobe aes).
 +There is however a speed penalty when doing it like this. I don't know why though, maybe there is some hardware acceleration involved when using the geode_aes module.
 +If you play with Truecrypt you will also see some errors related to this problem. You can probably get it working using a sha128 but I haven't spent time figuring it out.
 +
 +Open the LUKS:
 +<code>
 +cryptsetup luksOpen /dev/hdc1 encdisk
 +</code>
 +
 +Make filesystem:
 +<code>
 +mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/encdisk
 +</code>
 +
 +Mount device for use:
 +<code>
 +mount /dev/mapper/encdisk /share/encrypteddisk01
 +</code>
 +
 +Unmount device:
 +<code>
 +umount /share/encrypteddisk01
 +cryptsetup luksClose encdisk
 +</code>
 +
  
howtos/encrypted_disk_partition.txt · Last modified: d/m/Y H:i (external edit)