
Encrypted partition using LUKS under Debian

July 26, 2007

Install the needed package:

# apt-get install cryptsetup

Load the kernel modules (if needed):

# modprobe aes
# modprobe dm_mod
# modprobe dm_crypt

Create the LUKS container on a free partition:

# cryptsetup luksFormat -c aes -h sha256 /dev/hda6

This erases any data on the partition!

THE PARTITION SHOULD NOT BE MOUNTED; if it is, run "umount /dev/hda6" first.

Open the LUKS partition and format it:

# cryptsetup luksOpen /dev/hda6 secure
# mkfs.ext3 /dev/mapper/secure

where "secure" is the name given to the encrypted partition; it results in a device named /dev/mapper/secure.

Mount manually into the /secure directory:

# mount -t ext3 /dev/mapper/secure /secure

Unmount:

# umount /secure
# cryptsetup luksClose secure

Automatically mounting at boot:

Edit /etc/crypttab like this:

secure /dev/hda6 none luks

Edit /etc/fstab like this:

/dev/mapper/secure /secure ext3 defaults 0 1

You will be prompted for the LUKS password at each boot.
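
A mismatch between the two files only shows up at the next boot, so it is worth checking them together beforehand. The script below is an added example, not part of the original howto: it cross-checks a crypttab against an fstab using constructed sample files in which only the "secure" lines come from this page. The function names, the /dev/hda7 device and the "backup" and "scratch" entries are made up, and it assumes every /dev/mapper mount is a dm-crypt target (no LVM).

```shell
# Added example: cross-check a crypttab against an fstab.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_crypt_mounts() {            # $1 = crypttab path, $2 = fstab path
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        FILENAME == ARGV[1] {                # crypttab: target source keyfile options
            names[++n] = $1
            # Assumption of this example: every entry should carry "luks" as on this page.
            if ($4 !~ /(^|,)luks(,|$)/) {
                print "crypttab: " $1 " (" $2 ") lacks the luks option"; bad = 1
            }
            next
        }
        $1 ~ /^\/dev\/mapper\// {            # fstab line using a mapped device
            name = substr($1, 13)            # strip the "/dev/mapper/" prefix
            mounted[name] = 1; known = 0
            for (i = 1; i <= n; i++) if (names[i] == name) known = 1
            if (!known) { print "fstab: " $1 " has no crypttab target"; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(names[i] in mounted)) {
                    print "crypttab: " names[i] " has no fstab entry"; bad = 1
                }
            exit (bad ? 1 : 0)
        }
    ' "$1" "$2"
}

# Constructed sample files: "secure" is the pair from this page, the
# "backup" and "scratch" lines are made-up mistakes.
write_samples() {                 # $1 = directory to write into
    cat > "$1/crypttab" <<'EOF'
# <target> <source device> <key file> <options>
secure /dev/hda6 none luks
backup /dev/hda7 none
EOF
    cat > "$1/fstab" <<'EOF'
/dev/hda1 / ext3 defaults 0 1
/dev/mapper/secure /secure ext3 defaults 0 1
/dev/mapper/scratch /scratch ext3 defaults 0 2
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_crypt_mounts "$tmp/crypttab" "$tmp/fstab" || echo "findings above need fixing"
rm -rf "$tmp"
```

To check the real files, call check_crypt_mounts /etc/crypttab /etc/fstab.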

Using a LUKS partition may slow down your system. I haven’t tested the impact of LUKS yet. You can always “renice” the daemon responsible for the encryption :

$ sudo renice 10 `pgrep kcryptd`

Links:
http://doc.ubuntu-fr.org/cryptsetup
https://help.ubuntu.com/community/EncryptedFilesystemHowto
