Here is a simple how-to for creating an encrypted hard drive.
First of all, you need an empty partition. For our example I will call it /dev/sda5.
Run cryptsetup to format it as an encrypted (LUKS) partition. It will ask you for the password. Make sure there is no data on the partition!
cryptsetup -c twofish-cbc-essiv:sha256 -s 256 luksFormat /dev/sda5
Here -c chooses the cipher and -s sets the key size (the default of 128 is not enough).
Now we have an encrypted partition, but without any filesystem. To create a filesystem, first open the partition with
cryptsetup luksOpen /dev/sda5 encrypthd
The last parameter sets the mapping name, e.g. /dev/mapper/encrypthd
Create the filesystem with
mkfs.ext3 /dev/mapper/encrypthd
Now mount it and you're done!
To close an encrypted partition, unmount it and call
cryptsetup luksClose encrypthd
To mount it at startup, edit or create the file /etc/crypttab (only root should be able to read/write)
Syntax for crypttab: target source key options
So, for our example add the line:
encrypthd /dev/sda5 none
If the key file is none, it will ask you for the password at startup.
And add the line to fstab:
/dev/mapper/encrypthd /encrypthd ext3 defaults 1 2
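As a check on the crypttab rules above (root-only permissions, and the target source key options syntax), here is an added example that is not part of the original post. The function names are hypothetical, it assumes GNU stat on Linux, and it goes one step beyond the text by also checking the permissions of any key file an entry names.

```shell
#!/bin/sh
# Added example: audit a crypttab file (fields: target source key options).
# Assumes GNU stat (Linux). Prints one finding per line; returns 0 if clean, 1 if not.

# True when the file's mode grants nothing to group or other.
root_only() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

audit_crypttab() {
    file=$1
    findings=0

    # The rule from the text: only root should be able to read/write crypttab.
    if ! root_only "$file"; then
        echo "PERM: $file is accessible to group or other"
        findings=$((findings + 1))
    fi

    while read -r target source key options || [ -n "$target" ]; do
        # Skip blank lines and comments.
        case $target in ''|'#'*) continue ;; esac

        if [ -z "$source" ]; then
            echo "SYNTAX: entry '$target' has no source device"
            findings=$((findings + 1))
            continue
        fi

        # "none" (also written "-" on systemd systems) or an empty key field
        # means the password is asked for at startup: nothing on disk to check.
        case ${key:-none} in
            none|-) continue ;;
        esac

        # A key file on disk unlocks the volume without a password,
        # so it needs the same root-only permissions as crypttab itself.
        if [ -f "$key" ] && ! root_only "$key"; then
            echo "KEYFILE: $key (for $target) is accessible to group or other"
            findings=$((findings + 1))
        fi
    done < "$file"

    [ "$findings" -eq 0 ]
}

# Run against a file given on the command line, e.g. /etc/crypttab.
if [ "$#" -gt 0 ]; then audit_crypttab "$1"; fi
```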
If you are really paranoid, you also have to encrypt your swap. After an unclean system shutdown (blackout, ...) the password for the encrypted partition can still be on the swap partition.
Gentoo has good documentation (cipher, more details, ...):
http://de.gentoo-wiki.com/wiki/DM-Crypt
http://en.gentoo-wiki.com/wiki/DM-Crypt (a little bit outdated)