Hello Dear Visitor
This is my brand new tutorial about Encrypting an entire File System under a Linux Operating System, You will need, in case you want to store some sensitive data and you don’t want it to end up in wrong hands. We will be using “cryptsetup” in combination with LUKS (Linux Unified Key Setup) for encrypting your Partition. So Lets Get Started.
I will be assuming the Following
1. Operating System: Ubuntu 12.10
2. User: ordinary User, as this is sensitive work, so we will be using “sudo”
3. A Blank Partition, since we will be encrypting the File System, all the data on that partition will be lost, so if there is any data on that partition, make sure you had a proper backup before you continue.
I am currently using a VM and I have attached a new blank harddisk (you will be having a real harddisk so be extra carefull), Now to encrypt your partition follow the following Steps
1. Use the following command to encrypt your Partition
$sudo cryptsetup -v –verify-passphrase luksFormat /dev/sdb1
a. Cryptsetup will make sure you are in your senses by asking you to type YES (all in capital)
b. Then it will ask you for a pass-phrase, the password with which you will be prompted for in case you want to open the partition
2. Now you will have to Open the partition using the following command
$sudo cryptsetup luksOpen /dev/sdb1 myData
a. myData is the name I gave to this partition, you will need to refer it with this name
b. It will then prompt you for that pass-phrase, enter it to continue
3. Now verify that our device was open by checking in the name of our Encrypted File System /dev/mapper/
4. Now you will have to create a new file system inside that encrypted partition using the following command
$sudo mkfs.ext4 /dev/mapper/myData
5. Now create a directory to which we will be mounting our partition, use the following command
6. To mount our file System, use the following command
$mount /dev/mapper/myData /media/myData
7. To start this partition at boot time, add the following entry for this partition in /etc/crypttab file
$sudo vi /etc/crypttab
and add the entries
myData /dev/sdb1 none
8. Now to automatically mount partition at boot time, edit the fstab file
$sudo vi /etc/fstab
and add the following lines at the end of file
/dev/mapper/myData /media/myData ext4 rw 0 0
9. And that’s It, Reboot the System and it will prompt you for the password during boot time, Enter pass-phrase (password of that partition to continue).
10. After reboot you can check the status of your encrypted partition with the following command
$sudo cryptsetup status myData
1. In case you have SELinux installed on your system, you will have to relabel this partition using the following command
$sudo restorecon -r /media/myData
2. If /etc/crypttab file does not exists, create one
3. If you get a massage/error mount: unknown filesystem type ‘crypto_LUKS’ during boot time, run the following command.
$cryptsetup luksOpen /dev/sdb2 myData
press control+D to continue with normal boot
That’s it, Simple, wasn’t it? If you have any questions and suggestions, Please leave it in comment section. I will be more then happy to answer them.