Encrypting an HDD as a folder on Linux with LUKS

If you want to encrypt and secure your confidential personal data on Linux, here is how to do it.

The following method explains how to encrypt a hard disk or partition and mount it as a folder anywhere in your filesystem. There are also other possibilities, like using a file as an encrypted container or encrypting your whole system partition.
We will be using dm-crypt + LUKS (Linux Unified Key Setup on-disk format), which is a block-device-level encryption scheme just like TrueCrypt.

First you need to install some dependencies:

# you need EPEL repo installed for this
yum install cryptsetup-luks pv

We need to load the kernel modules for block-device-level encryption:

# load modules. you might want to add them permanently
modprobe dm-mod
modprobe dm-crypt

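We are going to encrypt /dev/md3. Note that luksFormat overwrites the start of the device with a LUKS header, so any data already on it is lost: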

cryptsetup -y -v luksFormat /dev/md3
# confirm with YES, then enter a passphrase (-y asks for it twice)
# create a mapper to /dev/mapper/data
cryptsetup luksOpen /dev/md3 data

# let's see if it worked
cryptsetup -v status data
/dev/mapper/data is active.
type: LUKS1
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/md3
offset: 4096 sectors
size: xxxxxxx sectors
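mode: read/write

# fill the mapper with zeros; on the disk they are stored as ciphertext, so the
# whole device ends up looking like random data. this can take quite a while
# dd stops with "No space left on device" once the device is full, which is expected
# you could skip this but I strongly recommend it for security !!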
pv -tpreb /dev/zero | dd of=/dev/mapper/data bs=128M

# let there be a filesystem !
mkfs.ext4 /dev/mapper/data

Now we can finally use it. Do this every time you need your encrypted data:

# you can skip this right now as it's already opened from the steps above
cryptsetup luksOpen /dev/md3 data

mount /dev/mapper/data /home/data

# use /home/data and do whatever you like

# hide it again
umount /home/data
cryptsetup luksClose data
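
The open/mount and unmount/close steps above wrapped into one script, as an added example that is not part of the original post. It defaults to the article's /dev/md3, data and /home/data; the function names luks_open and luks_close and the DEV, NAME and MNT variables are my own choices.

```shell
#!/bin/sh
# Added example, not from the original article: open/close wrappers that never
# report success while the decrypted mapping is still exposed.
# DEV, NAME and MNT default to the article's values; override via environment.
DEV=${DEV:-/dev/md3}
NAME=${NAME:-data}
MNT=${MNT:-/home/data}

luks_open() {
    opened_here=no
    # Fail early with a clear message if the device has no LUKS header.
    cryptsetup isLuks "$DEV" || { echo "$DEV is not a LUKS device" >&2; return 1; }
    # "status" exits non-zero when the mapping is inactive; open only then.
    if ! cryptsetup status "$NAME" >/dev/null 2>&1; then
        cryptsetup luksOpen "$DEV" "$NAME" || return 1
        opened_here=yes
    fi
    if mountpoint -q "$MNT"; then return 0; fi   # already mounted, nothing to do
    mkdir -p "$MNT"
    if ! mount "/dev/mapper/$NAME" "$MNT"; then
        # Roll back: do not leave a mapping we just opened active after a failed mount.
        if [ "$opened_here" = yes ]; then cryptsetup luksClose "$NAME"; fi
        return 1
    fi
}

luks_close() {
    if mountpoint -q "$MNT"; then
        # A busy mount point means the data is still readable: report failure.
        umount "$MNT" || { echo "$MNT is busy, volume still open" >&2; return 1; }
    fi
    # Remove the mapping so the key is wiped from kernel memory.
    if cryptsetup status "$NAME" >/dev/null 2>&1; then
        cryptsetup luksClose "$NAME" || return 1
    fi
}

case "${1:-}" in
    open)  luks_open ;;
    close) luks_close ;;
    *)     echo "usage: $0 open|close" >&2 ;;
esac
```

Run it as root with `open` or `close`; both are safe to repeat, and `close` returns non-zero if the volume could not actually be locked.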