Crypting HDD as folder on Linux with LUKS
If you want to encrypt and secure your personal confident data on Linux, here is how to do it.
The following method explains how to encrypt a harddisk or partition and mount it as a folder anywhere in your filesystem. There are also other possibilities like using a file as encrypted container or encrypting your whole system partition.
We will be using dm-crypt + LUKS (Linux Unified Key Setup-on-disk-format), which is a block device level encryption scheme just like Truecrypt.
First you need to install some dependencies:
yum install cryptsetup-luks pv
We need to load kernel modules for block device level encryption
modprobe dm-mod
modprobe dm-crypt
We are going to use and encrypt /dev/md3
# enter a passphrase
cryptsetup luksOpen /dev/md3 data
# lets see if it worked
cryptsetup -v status data
/dev/mapper/data is active.
type: LUKS1
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/md3
offset: 4096 sectors
size: xxxxxxx sectors
mode: read/write
# random data to mapper, this can take quite a while
# you could skip this but I strongly recommend it for security !!
pv -tpreb /dev/zero | dd of=/dev/mapper/data bs=128M
# let there be a filesystem !
mkfs.ext4 /dev/mapper/data
Now we can finally use it, do this everytime you need your encrypted data
cryptsetup luksOpen /dev/md3 data
mount /dev/mapper/data /home/data
# use /home/data and do whatever you like
# hide it again
umount /home/data
cryptsetup luksClose data
No comments yet.