Archive

Posts Tagged ‘luks’

Add/remove keys to LUKS encrypted disk

January 14, 2011 Leave a comment

First of all, umount the encrypted disk, and then add/remove the keys

$ sudo cryptsetup luksAddKey /dev/sdb1
$ sudo cryptsetup luksRemoveKey /dev/sdb1
Advertisements
Categories: ubuntu Tags: , , ,

Create an encrypted filesystem with luks on ubuntu

November 15, 2010 2 comments

Setting up a LUKS filesystem (http://en.wikipedia.org/wiki/LUKS) on Ubuntu 10.10 is as easy as this:

$ sudo apt-get install -y cryptsetup
$ sudo modprobe sha256
$ sudo modprobe dm_crypt
$ sudo modprobe dm_mod
$ sudo modprobe aes

Now you have to ensure that the device (in my case, an USB hard disk drive) is unmounted:

$ sudo umount /dev/sdb1

Once unmounted, you can setup LUKS on a free partition. Be careful, all data will be erased, and remember the password!:

$ sudo cryptsetup luksFormat -c aes -h sha256 /dev/sdb1

WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:

Now you can mount and format the new partition, giving a name to the device mapper):

$ sudo cryptsetup luksOpen /dev/sdb1 encrypted_disk
Enter passphrase for /dev/sdb1:
Key slot 0 unlocked.
$ sudo mkfs.ext3 /dev/mapper/encrypted_disk

$ sudo mkdir /test_dir
$ sudo mount -t ext3 /dev/mapper/encrypted_disk /test_dir/

Be careful with the / at the end of the mounting dir (/test_dir/).

To unmount the disk, you have to close the device mapper:

$ sudo umount /encrypted_disk
$ sudo cryptsetup luksClose encrypted_disk

Updated feb-22 2011

If you want your LUKS partition to be compatible with Red Hat 5, when you format the disk you have to use sha1 instead of sha256:

$ sudo cryptsetup luksFormat -c aes -h sha1 /dev/sdb1

Once the LUKS partition is ready, the partition is mounted automatically, asking for the LUKS password only.