This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
computing:encryption [2018/11/28 06:07] – oemb1905 | computing:encryption [2024/01/29 18:01] – oemb1905 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | |||
------------------------------------------- | ------------------------------------------- | ||
* **encryption** | * **encryption** | ||
Line 8: | Line 7: | ||
------------------------------------------- | ------------------------------------------- | ||
- | More later ... | + | Creating a encrypted partition for your workstation using cryptsetup. |
+ | |||
+ | sudo apt-get install cryptsetup libpam-mount | ||
+ | cryptsetup luksFormat /dev/sdaX | ||
+ | cryptsetup luksOpen /dev/sdaX vault | ||
+ | mkfs.xfs -L vault / | ||
+ | |||
+ | To manually mount the vault, you can perform: | ||
+ | |||
+ | mkdir / | ||
+ | mount / | ||
+ | |||
+ | After you reboot, the crypt will no longer be open, so you will need to open it first before mounting | ||
+ | |||
+ | cryptsetup luksOpen /dev/sdaX vault | ||
+ | mount / | ||
+ | |||
+ | Okay, so if mounting manually proves to be too tedious, here is how you can mount at boot. First, create a keyfile that you can use to unlock the crypt (only store this on an encrypted drive): | ||
+ | |||
+ | sudo dd if=/ | ||
+ | |||
+ | Add the keyfile to the crypt so that it can be used to open the crypt: | ||
+ | |||
+ | sudo cryptsetup -v luksAddKey /dev/sdb1 / | ||
+ | |||
+ | Now, we need to get the partition' | ||
+ | |||
+ | sudo cryptsetup luksDump /dev/sdb1 | grep " | ||
+ | |||
+ | Open crypttab up, and add the example below, adjusting as necessary. | ||
+ | |||
+ | sudo nano / | ||
+ | < | ||
+ | |||
+ | Now that crypttab is setup, this means you you can open the crypt as follows: | ||
+ | |||
+ | sudo cryptdisks_start sdb1_crypt | ||
+ | |||
+ | But, since this only opens it and does not mount it, you will need to add an entry to fstab similar to the one provided below: | ||
+ | |||
+ | sudo nano / | ||
+ | </ | ||
+ | |||
+ | Alternately, | ||
- | These notes are for setting up dual boot with full disk encryption on a macbook | + | rsync -av /home /backup |
+ | umount /home/ | ||
+ | cryptsetup luksFormat /dev/sdaX | ||
+ | cryptsetup luksOpen /dev/sdaX home | ||
+ | mkfs.xfs -L home / | ||
+ | mount / | ||
+ | rsync -av / | ||
+ | sudo nano / | ||
+ | <volume user=" | ||
+ | |||
+ | Remove the error " | ||
- | Boot into the ncurses installer, when prompted to set up disks for partitioning, | + | sudo nano / |
+ | < | ||
+ | --- // |