{ "created": "2015-12-20T19:56:51Z", "hierarchy": [ { "name": "ROOT", "type": "folder", "uri": "/ROOT" }, { "name": "Encryption with dm-crypt and LUKS", "type": "article", "uri": "Encryption_with_dm-crypt_and_LUKS" } ], "html": "\n\n \n \n \n \n \n \n \n \n \n \n \n Encryption with dm-crypt and LUKS\n \n \n \n \n
\n
\n \n
\n
\n \n \n\n

Encryption with dm-crypt and LUKS\n \n

\n

Pre-Flight

\n\n

Install the necessary tools

\n

If you did a ‘minimal’ CentOS 6.x install, you’ll need these:

\n
yum install cryptsetup device-mapper util-linux  \nmodprobe dm_crypt  \nlsmod | grep dm_crypt\n
\n

Prepare the Device

\n

I used LVM. This section could’ve been about making a software RAID. If\nyou’ve prepared your device or have a standard disk (e.g. /dev/sdb1),\nyou can skip to the next section.

\n
pvcreate /dev/vda2  \nvgcreate volgroups /dev/vda2  \nlvcreate -l 100%FREE -n secure volgroups\n
\n

You now have a block storage device at /dev/mapper/volgroups-secure.\nYou’ll create an encrypted device using it.

\n

Creating the Encrypted Device

\n
cryptsetup luksFormat /dev/mapper/volgroups-secure  \ncryptsetup luksOpen   /dev/mapper/volgroups-secure secure\n
\n

This creates the device /dev/mapper/secure. The cipher used is\nAES-256-CBC. Fill it with junk; will take time, but this will prevent\npeople from knowing the size of data on your device.

\n
dd if=/dev/urandom of=/dev/mapper/secure\n
\n

Now create a filesystem

\n
mkfs -t ext4 /dev/mapper/secure\n
\n

Mount it!

\n
mount -t ext4 /dev/mapper/secure /mnt/secure\n
\n

Close it when done:

\n
crypsetup luksClose secure\n
\n

Mounting at boot

\n\n

LVM Resizing

\n

For the example above,

\n
lvextend -L+2048G /dev/mapper/volgroups-secure  \nresize2fs /dev/mapper/secure\n
\n\n\n
\n \n
\n \n \n \n \n \n\n", "id": "5137021a-23eb-5c05-8ad4-e7df18fe6bd2", "modified": "2022-11-01T20:05:42Z", "revisions": [ { "authorEmail": "mail@nikhil.io", "authorName": "Nikhil Anand", "date": "2022-11-01T20:05:42Z", "id": "c9576f57d8ed0e54976c459c7930661b7775afdb", "shortId": "c9576f57", "subject": "Update link, Monterey note", "content": "Pre-Flight\n----------\n\n* Installed on CentOS 6.2 x86\\_64 running on KVM.\n* Decided to use LVM to manage the partition I wanted to encrypt for\n future expansion.\n\n### Install the necessary tools\n\nIf you did a 'minimal' CentOS 6.x install, you'll need these:\n\n yum install cryptsetup device-mapper util-linux \n modprobe dm_crypt \n lsmod | grep dm_crypt\n\nPrepare the Device\n------------------\n\nI used LVM. This section could've been about making a software RAID. If\nyou've prepared your device or have a standard disk (e.g. `/dev/sdb1`),\nyou can skip to the next section.\n\n pvcreate /dev/vda2 \n vgcreate volgroups /dev/vda2 \n lvcreate -l 100%FREE -n secure volgroups\n\nYou now have a block storage device at `/dev/mapper/volgroups-secure`.\nYou'll create an encrypted device using it.\n\nCreating the Encrypted Device\n-----------------------------\n\n cryptsetup luksFormat /dev/mapper/volgroups-secure \n cryptsetup luksOpen   /dev/mapper/volgroups-secure secure\n\nThis creates the device `/dev/mapper/secure`. The cipher used is\nAES-256-CBC. Fill it with junk; will take time, but this will prevent\npeople from knowing the size of data on your device.\n\n dd if=/dev/urandom of=/dev/mapper/secure\n\nNow create a filesystem\n\n mkfs -t ext4 /dev/mapper/secure\n\nMount it!\n\n mount -t ext4 /dev/mapper/secure /mnt/secure\n\nClose it when done:\n\n crypsetup luksClose secure\n\nMounting at boot\n----------------\n\n* Add this to `/etc/crypttab` (create with 0644 if it doesn't exist)\n\n secure   /dev/mapper/volgroups-secure\n\n* Then add this to `/etc/fstab`\n\n /dev/mapper/secure /mnt/secure ext3    defaults 0 0\n\nLVM Resizing\n------------\n\nFor the example above,\n\n lvextend -L+2048G /dev/mapper/volgroups-secure \n resize2fs /dev/mapper/secure\n" }, { "authorEmail": "mail@nikhil.io", "authorName": "Nikhil Anand", "date": "2015-12-27T07:27:56Z", "id": "5a5b1a32f41081d062ab86f8869a961bcad79668", "shortId": "5a5b1a32", "subject": "Fix Markdown conversion\n\nSaw half a season of The Office\n", "content": "Pre-Flight\n----------\n\n* Installed on CentOS 6.2 x86\\_64 running on KVM.\n* Decided to use LVM to manage the partition I wanted to encrypt for\n future expansion.\n\n### Install the necessary tools\n\nIf you did a 'minimal' CentOS 6.x install, you'll need these:\n\n yum install cryptsetup device-mapper util-linux \n modprobe dm_crypt \n lsmod | grep dm_crypt\n\nPrepare the Device\n------------------\n\nI used LVM. This section could've been about making a software RAID. If\nyou've prepared your device or have a standard disk (e.g. `/dev/sdb1`),\nyou can skip to the next section.\n\n pvcreate /dev/vda2 \n vgcreate volgroups /dev/vda2 \n lvcreate -l 100%FREE -n secure volgroups\n\nYou now have a block storage device at `/dev/mapper/volgroups-secure`.\nYou'll create an encrypted device using it.\n\nCreating the Encrypted Device\n-----------------------------\n\n cryptsetup luksFormat /dev/mapper/volgroups-secure \n cryptsetup luksOpen   /dev/mapper/volgroups-secure secure\n\nThis creates the device `/dev/mapper/secure`. The cipher used is\nAES-256-CBC. Fill it with junk; will take time, but this will prevent\npeople from knowing the size of data on your device.\n\n dd if=/dev/urandom of=/dev/mapper/secure\n\nNow create a filesystem\n\n mkfs -t ext4 /dev/mapper/secure\n\nMount it!\n\n mount -t ext4 /dev/mapper/secure /mnt/secure\n\nClose it when done:\n\n crypsetup luksClose secure\n\nMounting at boot\n----------------\n\n* Add this to `/etc/crypttab` (create with 0644 if it doesn't exist)\n\n secure   /dev/mapper/volgroups-secure\n\n* Then add this to `/etc/fstab`\n\n /dev/mapper/secure /mnt/secure ext3    defaults 0 0\n\nLVM Resizing\n------------\n\nFor the example above,\n\n lvextend -L+2048G /dev/mapper/volgroups-secure \n resize2fs /dev/mapper/secure\n" }, { "authorEmail": "mail@nikhil.io", "authorName": "Nikhil Anand", "date": "2015-12-21T02:30:47Z", "id": "3f2c54b1d767218fcb4855fbac306b015afaf551", "shortId": "3f2c54b1", "subject": "Incremental\n", "content": "Pre-Flight\n----------\n\n- Installed on CentOS 6.2 x86\\_64 running on KVM.\n- Decided to use LVM to manage the partition I wanted to encrypt for\n future expansion.\n\n### Install the necessary tools\n\nIf you did a 'minimal' CentOS 6.x install, you'll need these:\n\n` yum install cryptsetup device-mapper util-linux` \n` modprobe dm_crypt` \n` lsmod | grep dm_crypt`\n\nPrepare the Device\n------------------\n\nI used LVM. This section could've been about making a software RAID. If\nyou've prepared your device or have a standard disk (e.g. `/dev/sdb1`),\nyou can skip to the next section.\n\n` pvcreate /dev/vda2` \n` vgcreate volgroups /dev/vda2` \n` lvcreate -l 100%FREE -n secure volgroups`\n\nYou now have a block storage device at `/dev/mapper/volgroups-secure`.\nYou'll create an encrypted device using it.\n\nCreating the Encrypted Device\n-----------------------------\n\n` cryptsetup luksFormat /dev/mapper/volgroups-secure` \n` cryptsetup luksOpen   /dev/mapper/volgroups-secure secure`\n\nThis creates the device `/dev/mapper/secure`. The cipher used is\nAES-256-CBC. Fill it with junk; will take time, but this will prevent\npeople from knowing the size of data on your device.\n\n` dd if=/dev/urandom of=/dev/mapper/secure`\n\nNow create a filesystem\n\n` mkfs -t ext4 /dev/mapper/secure`\n\nMount it!\n\n` mount -t ext4 /dev/mapper/secure /mnt/secure`\n\nClose it when done:\n\n` crypsetup luksClose secure`\n\nMounting at boot\n----------------\n\n- Add this to `/etc/crypttab` (create with 0644 if it doesn't exist)\n\n` secure   /dev/mapper/volgroups-secure`\n\n- Then add this to `/etc/fstab`\n\n` /dev/mapper/secure        /mnt/secure                   ext3    defaults        0 0`\n\nLVM Resizing\n------------\n\nFor the example above,\n\n` lvextend -L+2048G /dev/mapper/volgroups-secure` \n` resize2fs /dev/mapper/secure`\n\n\n\n" }, { "authorEmail": "mail@nikhil.io", "authorName": "Nikhil Anand", "date": "2015-12-20T19:56:51Z", "id": "56f8b0d9c2d67f4b74db425dcf107e3e68e699a9", "shortId": "56f8b0d9", "subject": "Encryption with dm-crypt and LUKS : First Draft", "content": "Pre-Flight\n----------\n\n- Installed on CentOS 6.2 x86\\_64 running on KVM.\n- Decided to use LVM to manage the partition I wanted to encrypt for\n future expansion.\n\n### Install the necessary tools\n\nIf you did a 'minimal' CentOS 6.x install, you'll need these:\n\n` yum install cryptsetup device-mapper util-linux` \n` modprobe dm_crypt` \n` lsmod | grep dm_crypt`\n\nPrepare the Device\n------------------\n\nI used LVM. This section could've been about making a software RAID. If\nyou've prepared your device or have a standard disk (e.g. `/dev/sdb1`),\nyou can skip to the next section.\n\n` pvcreate /dev/vda2` \n` vgcreate volgroups /dev/vda2` \n` lvcreate -l 100%FREE -n secure volgroups`\n\nYou now have a block storage device at `/dev/mapper/volgroups-secure`.\nYou'll create an encrypted device using it.\n\nCreating the Encrypted Device\n-----------------------------\n\n` cryptsetup luksFormat /dev/mapper/volgroups-secure` \n` cryptsetup luksOpen   /dev/mapper/volgroups-secure secure`\n\nThis creates the device `/dev/mapper/secure`. The cipher used is\nAES-256-CBC. Fill it with junk; will take time, but this will prevent\npeople from knowing the size of data on your device.\n\n` dd if=/dev/urandom of=/dev/mapper/secure`\n\nNow create a filesystem\n\n` mkfs -t ext4 /dev/mapper/secure`\n\nMount it!\n\n` mount -t ext4 /dev/mapper/secure /mnt/secure`\n\nClose it when done:\n\n` crypsetup luksClose secure`\n\nMounting at boot\n----------------\n\n- Add this to `/etc/crypttab` (create with 0644 if it doesn't exist)\n\n` secure   /dev/mapper/volgroups-secure`\n\n- Then add this to `/etc/fstab`\n\n` /dev/mapper/secure        /mnt/secure                   ext3    defaults        0 0`\n\nLVM Resizing\n------------\n\nFor the example above,\n\n` lvextend -L+2048G /dev/mapper/volgroups-secure` \n` resize2fs /dev/mapper/secure`\n\n[Category:Nikhil's Notes](Category:Nikhil's_Notes \"wikilink\")\n[Category:From a past sysadmin\nlife](Category:From_a_past_sysadmin_life \"wikilink\")\n" } ], "sizeInBytes": 1838, "source": "Pre-Flight\n----------\n\n* Installed on CentOS 6.2 x86\\_64 running on KVM.\n* Decided to use LVM to manage the partition I wanted to encrypt for\n future expansion.\n\n### Install the necessary tools\n\nIf you did a 'minimal' CentOS 6.x install, you'll need these:\n\n yum install cryptsetup device-mapper util-linux \n modprobe dm_crypt \n lsmod | grep dm_crypt\n\nPrepare the Device\n------------------\n\nI used LVM. This section could've been about making a software RAID. If\nyou've prepared your device or have a standard disk (e.g. `/dev/sdb1`),\nyou can skip to the next section.\n\n pvcreate /dev/vda2 \n vgcreate volgroups /dev/vda2 \n lvcreate -l 100%FREE -n secure volgroups\n\nYou now have a block storage device at `/dev/mapper/volgroups-secure`.\nYou'll create an encrypted device using it.\n\nCreating the Encrypted Device\n-----------------------------\n\n cryptsetup luksFormat /dev/mapper/volgroups-secure \n cryptsetup luksOpen   /dev/mapper/volgroups-secure secure\n\nThis creates the device `/dev/mapper/secure`. The cipher used is\nAES-256-CBC. Fill it with junk; will take time, but this will prevent\npeople from knowing the size of data on your device.\n\n dd if=/dev/urandom of=/dev/mapper/secure\n\nNow create a filesystem\n\n mkfs -t ext4 /dev/mapper/secure\n\nMount it!\n\n mount -t ext4 /dev/mapper/secure /mnt/secure\n\nClose it when done:\n\n crypsetup luksClose secure\n\nMounting at boot\n----------------\n\n* Add this to `/etc/crypttab` (create with 0644 if it doesn't exist)\n\n secure   /dev/mapper/volgroups-secure\n\n* Then add this to `/etc/fstab`\n\n /dev/mapper/secure /mnt/secure ext3    defaults 0 0\n\nLVM Resizing\n------------\n\nFor the example above,\n\n lvextend -L+2048G /dev/mapper/volgroups-secure \n resize2fs /dev/mapper/secure\n", "title": "Encryption with dm-crypt and LUKS", "untracked": false, "uri": "/Encryption_with_dm-crypt_and_LUKS" }