This shows you the differences between two versions of the page.
| — |
encrypt_file_container_with_cryptsetup-luks [2011/06/01 12:58] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Encrypt file container with cryptsetup-luks for Fedora ====== | ||
| + | |||
| + | Make sure you have the package cryptsetup-luks installed. | ||
| + | |||
| + | As root. | ||
| + | |||
| + | Prepare an empty file container. Here 10MB. | ||
| + | # dd if=/dev/zero of=encrypted_file.bin bs=1024k count=10 | ||
| + | |||
| + | Find the first available loop device: | ||
| + | # losetup -f | ||
| + | /dev/loop0 | ||
| + | |||
| + | Map file container with loop device (in this case /dev/loop0): | ||
| + | # losetup /dev/loop0 encrypted_file.bin | ||
| + | |||
| + | Initialize and encrypt loop device (file container) | ||
| + | # cryptsetup --verify-passphrase luksFormat /dev/loop0 | ||
| + | |||
| + | WARNING! | ||
| + | ======== | ||
| + | This will overwrite data on /dev/loop0 irrevocably. | ||
| + | Are you sure? (Type uppercase yes): YES | ||
| + | Enter LUKS passphrase: <Enter password> | ||
| + | Verify passphrase: <Enter password> | ||
| + | |||
| + | |||
| + | The verify-passphrase parameter will ask for a password twice which will minimize risk of typos.\\ | ||
| + | The default encryption cipher method (at compile time) can be printed with: | ||
| + | # cryptseup --help | ||
| + | |||
| + | Create device-mapper mapping and open loop device | ||
| + | # cryptsetup luksOpen /dev/loop0 encrypted_container | ||
| + | Enter passphrase for /dev/loop0: <Enter password> | ||
| + | | ||
| + | To check status of device mapper: | ||
| + | # cryptsetup status encrypted_container | ||
| + | /dev/mapper/encrypted_container is active: | ||
| + | cipher: aes-cbc-essiv:sha256 | ||
| + | keysize: 256 bits | ||
| + | device: /dev/loop0 | ||
| + | offset: 2056 sectors | ||
| + | size: 18424 sectors | ||
| + | mode: read/write | ||
| + | |||
| + | Time to create file system inside container: | ||
| + | # mkfs.ext3 /dev/mapper/encrypted_container | ||
| + | |||
| + | Mount device mapper. In this case to mountpoint /mnt: | ||
| + | # mount /dev/mapper/encrypted_container /mnt | ||
| + | |||
| + | Use file system\\ | ||
| + | Remeber to umount and close after container after use so other have no chance to look into your encrypted container. | ||
| + | |||
| + | # umount /mnt | ||
| + | # cryptsetup remove /dev/mapper/encrypted_container | ||
| + | # losetup -d /dev/loop0 | ||
| + | | ||
| + | ===== Mounting an Existing Encrypted Container File ===== | ||
| + | | ||
| + | Get loop device: | ||
| + | # losetup -f | ||
| + | |||
| + | Map loop device and container file: | ||
| + | # losetup /dev/loop0 encrypted_file.bin | ||
| + | |||
| + | Create device-mapper | ||
| + | # cryptsetup luksOpen /dev/loop0 encrypted_container | ||
| + | <Enter password> | ||
| + | | ||
| + | Mount device-mapper | ||
| + | # mount /dev/mapper/encrypted_container /mnt | ||
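Review bot: the command given for printing the compiled-in default cipher, right after the verify-passphrase explanation, is misspelled as `cryptseup --help` and fails when copied; it should read `cryptsetup --help`. In the teardown steps the mapping is closed with `cryptsetup remove /dev/mapper/encrypted_container` although it was opened with `luksOpen /dev/loop0 encrypted_container`; `cryptsetup luksClose encrypted_container` would mirror the open step and use the mapping name the same way. The "Mounting an Existing Encrypted Container File" section runs `losetup -f` without showing its output and then hard-codes /dev/loop0, and it has no unmount and close steps of its own, so it should tell the reader to substitute the device that `losetup -f` printed and point back to the umount, remove and `losetup -d` sequence. The closing reminder also needs its wording fixed ("Remeber", "close after container after use").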