This shows you the differences between two versions of the page.
— |
encrypt_file_container_with_cryptsetup-luks [2011/06/01 12:58] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Encrypt file container with cryptsetup-luks for Fedora ====== | ||
+ | |||
+ | Make sure you have the package cryptsetup-luks installed. | ||
+ | |||
+ | As root. | ||
+ | |||
+ | Prepare an empty file container. Here 10MB. | ||
+ | # dd if=/dev/zero of=encrypted_file.bin bs=1024k count=10 | ||
+ | |||
+ | Find the first available loop device: | ||
+ | # losetup -f | ||
+ | /dev/loop0 | ||
+ | |||
+ | Map file container with loop device (in this case /dev/loop0): | ||
+ | # losetup /dev/loop0 encrypted_file.bin | ||
+ | |||
+ | Initialize and encrypt loop device (file container) | ||
+ | # cryptsetup --verify-passphrase luksFormat /dev/loop0 | ||
+ | |||
+ | WARNING! | ||
+ | ======== | ||
+ | This will overwrite data on /dev/loop0 irrevocably. | ||
+ | Are you sure? (Type uppercase yes): YES | ||
+ | Enter LUKS passphrase: <Enter password> | ||
+ | Verify passphrase: <Enter password> | ||
+ | |||
+ | |||
+ | The verify-passphrase parameter will ask for a password twice which will minimize risk of typos.\\ | ||
+ | The default encryption cipher method (at compile time) can be printed with: | ||
+ | # cryptseup --help | ||
+ | |||
+ | Create device-mapper mapping and open loop device | ||
+ | # cryptsetup luksOpen /dev/loop0 encrypted_container | ||
+ | Enter passphrase for /dev/loop0: <Enter password> | ||
+ | | ||
+ | To check status of device mapper: | ||
+ | # cryptsetup status encrypted_container | ||
+ | /dev/mapper/encrypted_container is active: | ||
+ | cipher: aes-cbc-essiv:sha256 | ||
+ | keysize: 256 bits | ||
+ | device: /dev/loop0 | ||
+ | offset: 2056 sectors | ||
+ | size: 18424 sectors | ||
+ | mode: read/write | ||
+ | |||
+ | Time to create file system inside container: | ||
+ | # mkfs.ext3 /dev/mapper/encrypted_container | ||
+ | |||
+ | Mount device mapper. In this case to mountpoint /mnt: | ||
+ | # mount /dev/mapper/encrypted_container /mnt | ||
+ | |||
+ | Use file system\\ | ||
+ | Remeber to umount and close after container after use so other have no chance to look into your encrypted container. | ||
+ | |||
+ | # umount /mnt | ||
+ | # cryptsetup remove /dev/mapper/encrypted_container | ||
+ | # losetup -d /dev/loop0 | ||
+ | | ||
+ | ===== Mounting an Existing Encrypted Container File ===== | ||
+ | | ||
+ | Get loop device: | ||
+ | # losetup -f | ||
+ | |||
+ | Map loop device and container file: | ||
+ | # losetup /dev/loop0 encrypted_file.bin | ||
+ | |||
+ | Create device-mapper | ||
+ | # cryptsetup luksOpen /dev/loop0 encrypted_container | ||
+ | <Enter password> | ||
+ | | ||
+ | Mount device-mapper | ||
+ | # mount /dev/mapper/encrypted_container /mnt | ||
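Review bot: the help command under the cipher paragraph is misspelled as `cryptseup --help`, so it fails as typed; it should read `cryptsetup --help`. In the teardown steps the mapping that was opened with `luksOpen` is closed with `cryptsetup remove /dev/mapper/encrypted_container`; using `cryptsetup luksClose encrypted_container` there would mirror the open step and make the pairing obvious. The "Mounting an Existing Encrypted Container File" section runs `losetup -f` but then hardcodes /dev/loop0 without showing the output, and it has no closing sequence of its own, so it should say to substitute whatever device `losetup -f` prints and point back to the umount, close and `losetup -d` steps. The sentence "Remeber to umount and close after container after use" also needs its spelling and wording fixed.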