Haacking-Club/Encryption

---

  * **encryption**
  * **Jonathan Haack**
  * **Haack's Networking**
  * **netcmnd@jonathanhaack.com**

---

Creating an encrypted partition for your workstation using cryptsetup:

  cryptsetup luksFormat /dev/sdaX
  cryptsetup luksOpen /dev/sdaX vault
  mkfs.xfs -L vault /dev/mapper/vault

To manually mount the vault, you can perform:

  mkdir /mnt/vault
  mount /dev/mapper/vault /mnt/vault

After you reboot, the crypt will no longer be open, so you will need to open it first before mounting:

  cryptsetup luksOpen /dev/sdaX vault
  mount /dev/mapper/vault /mnt/vault

Okay, so if mounting manually proves to be too tedious, here is how you can mount at boot. First, create a keyfile that you can use to unlock the crypt (only store this on an encrypted drive):

  sudo install -d -m 0700 /etc/lukskeys   # root-only directory for the keyfile
  sudo dd if=/dev/urandom of=/etc/lukskeys/vaultkey bs=512 count=8

Add the keyfile to the crypt so that it can be used to open the crypt:

  sudo cryptsetup -v luksAddKey /dev/sdb1 /etc/lukskeys/vaultkey

Now, we need to get the partition's block identifier to use in crypttab and fstab, because it is more reliable than the name. Do this as follows:

  sudo cryptsetup luksDump /dev/sdb1 | grep "UUID"

Open crypttab up, and add the example below, adjusting as necessary.

  sudo nano /etc/crypttab

Now that crypttab is set up, you can open the crypt as follows:

  sudo cryptdisks_start sdb1_crypt

But, since this only opens it and does not mount it, you will need to add an entry to fstab similar to the one provided below:

  sudo nano /etc/fstab

Okay, reboot and test. If it fails, boot into recovery mode and comment out the fstab entry until you get everything set up properly.
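
As an added example (not part of the original page), this script derives a crypttab line and an fstab line from luksDump output and checks the keyfile's permissions before it is trusted at boot. The device, mapper name, paths and filesystem follow the page; the UUID is constructed, the function names are hypothetical, and the `nofail` mount option is an assumption.

```shell
#!/bin/sh
# Added example, not from the original page. Names (sdb1_crypt, vaultkey,
# /mnt/vault, xfs) follow the page; the UUID below is constructed.

# Pull the UUID out of `cryptsetup luksDump` output read from stdin and
# fail (non-zero exit) if it is not a well-formed UUID.
luks_uuid() {
    awk '$1 == "UUID:" { print $2; exit }' |
        grep -Ex '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
}

# crypttab fields: <mapper name> <source device> <key file> <options>
crypttab_entry() {
    printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}

# fstab fields: <device> <mount point> <type> <options> <dump> <pass>
# nofail (an assumption, not on the page) lets boot continue if the
# crypt could not be opened, instead of dropping to recovery mode.
fstab_entry() {
    printf '/dev/mapper/%s %s %s defaults,nofail 0 0\n' "$1" "$2" "$3"
}

# The keyfile unlocks the volume, so reject one that has any
# group or other permission bits set (needs GNU stat, as on Debian).
keyfile_ok() {
    [ -f "$1" ] || return 1
    km=$(stat -c '%a' "$1") || return 1
    case "$km" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Constructed sample of the relevant luksDump lines. On a real system use:
#   sudo cryptsetup luksDump /dev/sdb1 | luks_uuid
sample_dump='LUKS header information
Version:        2
UUID:           3f1c2a9e-5b7d-4c10-9e2f-0a1b2c3d4e5f'

uuid=$(printf '%s\n' "$sample_dump" | luks_uuid)
crypttab_entry sdb1_crypt "$uuid" /etc/lukskeys/vaultkey
fstab_entry sdb1_crypt /mnt/vault xfs
```

Run `keyfile_ok /etc/lukskeys/vaultkey` as root before rebooting; if it fails, tighten the file with `chmod 400` first.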

--- //oemb1905 2019/07/20 06:49//