User Tools

Site Tools


howtos:encrypted_disk_partition

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

howtos:encrypted_disk_partition [d/m/Y H:i] (current)
Line 1: Line 1:
 +Quick'​n'​Dirty how to make a LUKS encrypted disk partition.
 +
 +I'm encrypting the first partition on the disk called hdc.
 +
 +Make luks device: ​
 +<​code>​
 +cryptsetup -y --cipher aes --key-size 128 luksFormat /dev/hdc1
 +</​code>​
 +If you choose to use sha256 instead, you will get something like this:
 +<​code>​
 +Failed to setup dm-crypt key mapping.
 +Check kernel for support for the aes-cbc-essiv:​sha256 cipher spec and verify that /dev/hdc1 contains at least 133 sectors.
 +</​code>​
 +This is because you're using the geode_aes kernel module which only support sha128. You can get it to "​eat"​ a sha256 but you will have to unload geode_aes (sudo rmmod geode_aes) and load the generic aes module (sudo modprobe aes).
 +There is however a speed penalty when doing it like this. I don't know why though, maybe there is some hardware acceleration involved when using the geode_aes module.
 +If you play with Truecrypt you will also see some errors related to this problem. You can probably get it working using a sha128 but I haven'​t spent time figuring it out.
 +
 +Open the LUKS:
 +<​code>​
 +cryptsetup luksOpen /dev/hdc1 encdisk
 +</​code>​
 +
 +Make filesystem:
 +<​code>​
 +mkfs.ext3 -j -m 1 -O dir_index,​filetype,​sparse_super /​dev/​mapper/​encdisk
 +</​code>​
 +
 +Mount device for use:
 +<​code>​
 +mount /​dev/​mapper/​encdisk /​share/​encrypteddisk01
 +</​code>​
 +
 +Unmount device:
 +<​code>​
 +umount /​share/​encrypteddisk01
 +cryptsetup luksClose encdisk
 +</​code>​
 +
  
howtos/encrypted_disk_partition.txt · Last modified: d/m/Y H:i (external edit)