Protecting Data with Encrypted Linux Partitions - page 3
The Inevitable Whoopsie
Once you have a nice new empty partition, you'll encrypt it with the
cryptsetup command. Be very sure you are encrypting the correct partition:
# cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda2 WARNING! ======== This will overwrite data on /dev/sda2 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: Command successful.
This creates the encrypted partition. Now you need to create and name a mountable logical partition. In this example, it is named
sda2, which could be
mysecretpartition, or anything you want:
# cryptsetup luksOpen /dev/sda2 sda2 Enter LUKS passphrase: key slot 0 unlocked. Command successful.
This should show as a block device in
$ ls -l /dev/mapper total 0 crw-rw---- 1 root root 10, 63 2007-06-09 18:38 control brw-rw---- 1 root disk 254, 0 2007-06-09 19:46 sda2
Now put a filesystem on the logical partition:
# mkfs.ext3 /dev/mapper/sda2
Now you need to make a mount point so you can mount and use this nice new encrypted partition. Remember, you must use the device name is from
/dev/mapper/. I'll put it in my home directory. Watch for operations that require rootly powers:
$ mkdir /home/me/crypted # mount /dev/mapper/sda1 /home/me/crypted
Confirm that it mounted, and write a test file:
# df -H [...] Filesystem Size Used Avail Use% Mounted on /dev/mapper/sda2 7.9G 152M 7.3G 3% /home/carla/crypted # cd /home/me/crypted # nano test # ls lost+found test
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.