disk encryption (dm-crypt + LUKS, non-root)

encrypting external drives with dm-crypt and LUKS (hdd, flash etc.)

1) wipe potentially existing luks-header (optional)

dd if=/dev/zero of=/dev/sdX bs=512 count=20480

2) wipe existing partitions (optional)

3) setup luks-header

cryptsetup options luksFormat device

respectively

cryptsetup -v --cipher aes-xts-plain64 --key-size 512 \
--hash sha512 --iter-time 5000 --use-random luksFormat <device>

4) mount encrypted partition

simply mount

or

cryptsetup open <device> <name>

5) create file system

mkfs.fstype /dev/mapper/name

6) change user permissions (only accessible for root as default)

chown user:group <mount point>

https://wiki.archlinux.org/index.php/LUKS

https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_a_non-root_file_system

https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode

Leave a Reply

Your email address will not be published. Required fields are marked *

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>