Linux Encrypted Filesystem
How to encrypt Linux filesystem. With various setup options.
Requirements
Install requirements (Debian, Ubuntu):
# apt-get install dmsetup cryptsetup lvm2
Encrypt disk
Override disk with random data:
# badblocks -s -w -t random -v /dev/sdXY
Encrypt the disk:
# cryptsetup -y -c aes-xts-plain -s 512 luksFormat /dev/sdXY
...
Open the encrypted disk:
# cryptsetup luksOpen /dev/sdXY crypt01
...
Backup LUKS Header
# cryptsetup luksHeaderBackup /dev/sdXY --header-backup-file luks.header
Create partitions
Simple encrypted filesystem
Create filesystem directly on top of LUKS:
# mkfs.ext4 /dev/mapper/crypt01
Mount the partition:
# mount /dev/mapper/crypt01 /data/
LVM over LUKS
Create volumnes:
# pvcreate /dev/mapper/crypt01
# vgcreate vg01 /dev/mapper/crypt01
# lvcreate -L 10G -n foo vg01
# lvcreate -L 10G -n bar vg01
Create file systems:
# mkfs.ext4 /dev/mapper/vg01-foo
# mkfs.ext4 /dev/mapper/vg01-bar
Mount partitions:
# mount /dev/mapper/vg01-foo /foo/
# mount /dev/mapper/vg01-bar /bar/