
Linux File System with Data Encryption

To create an encryption key file,

# mkdir /etc/key
# dd if=/dev/random of=/etc/key/usbbackup-key bs=1 count=256
# chmod 600 /etc/key/usbbackup-key

To load necessary encryption Linux kernel modules,

# modprobe dm-crypt
# modprobe sha256
# modprobe aes

and add the following lines to /etc/modprobe.d/aliases to load the above modules at system startup.

alias sha256 sha256_generic
alias aes aes_generic

Creation of an encrypted file system with cryptsetup

# cryptsetup --verbose --cipher=aes-cbc-essiv:sha256 --key-size=256 luksFormat /dev/sdf1 /etc/key/usbbackup-key
# cryptsetup --key-file=/etc/key/usbbackup-key luksOpen /dev/sdf1 cryptousb
# mke2fs -j -O dir_index,filetype,sparse_super /dev/mapper/cryptousb

An alternative command to make an ext3 filesystem with largefile support:
# mke2fs -j -T largefile -L "usbbackup" /dev/mapper/cryptousb 

Add passphrase access to the encrypted partition in case the partition holding the key becomes unusable; otherwise the data will be inaccessible.
# cryptsetup --key-file=/etc/key/usbbackup-key luksAddKey /dev/sdf1

(Un)Mounting an encrypted file system

# mkdir /mnt/usbbackup
# cryptsetup --key-file=/etc/key/usbbackup-key luksOpen /dev/sdf1 cryptousb
# mount /dev/mapper/cryptousb /mnt/usbbackup

And add the following line to /etc/fstab.
/dev/mapper/cryptousb  /mnt/usbbackup  ext3  defaults  0  0

Unmount an encrypted file system (luksClose takes only the mapping name):
# umount /mnt/usbbackup
# cryptsetup luksClose cryptousb
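
A check for the setup above, added here as an example and not part of the original how-to: it verifies that the key file grants nothing to group or others and that the LUKS header has at least two active key slots (key file plus the fallback passphrase). The function names and the sample dump are constructed; the slot parser assumes the LUKS1 `luksDump` format (`Key Slot N: ENABLED`) and GNU `stat`.

```shell
#!/bin/sh
# Added example: checks for the key-file LUKS setup described on this page.
# All function names are hypothetical; assumes GNU stat and a LUKS1 header.

# keyfile_ok PATH: succeed only if PATH is a non-empty regular file whose
# mode grants nothing to group/other (e.g. 600 or 400).
keyfile_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # octal mode, e.g. 600
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# enabled_slots: read `cryptsetup luksDump` text on stdin and print how many
# key slots are active (LUKS1 prints "Key Slot N: ENABLED").
enabled_slots() {
    grep -c '^Key Slot [0-7]: ENABLED' || true
}

# has_fallback: succeed if at least two slots are active, i.e. the key file
# plus the passphrase added with luksAddKey.
has_fallback() {
    [ "$(enabled_slots)" -ge 2 ]
}

# check_device DEVICE KEYFILE: run both checks against a real device (root).
check_device() {
    keyfile_ok "$2" || { echo "$2: missing, empty or accessible to others" >&2; return 1; }
    cryptsetup luksDump "$1" | has_fallback ||
        { echo "$1: fewer than two active key slots" >&2; return 1; }
}

# Constructed sample of LUKS1 luksDump output, not taken from a real device.
SAMPLE_DUMP='LUKS header information for /dev/sdf1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Key Slot 0: ENABLED
Key Slot 1: ENABLED
Key Slot 2: DISABLED'

# Usage as root: sh check.sh /dev/sdf1 /etc/key/usbbackup-key
if [ $# -eq 2 ]; then
    check_device "$1" "$2"
fi
```
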

Reference:

https://help.ubuntu.com/community/EncryptedFilesystemHowto5
https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorageOnHardy (Solution of problem loading sha256)
