This shows you the differences between two versions of the page.
computing:encryption [2018/10/16 21:14] – oemb1905 | computing:encryption [2024/01/29 18:20] (current) – oemb1905 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | |||
------------------------------------------- | ------------------------------------------- | ||
* **encryption** | * **encryption** | ||
Line 8: | Line 7: | ||
------------------------------------------- | ------------------------------------------- | ||
- | Boot into the ncurses installer, when prompted | + | To use pam_mount |
+ | |||
+ | sudo apt-get | ||
+ | rsync -av /home /backup | ||
+ | umount /home/ | ||
+ | cryptsetup luksFormat /dev/sdaX | ||
+ | cryptsetup luksOpen /dev/sdaX home | ||
+ | mkfs.xfs -L home / | ||
+ | mount / | ||
+ | rsync -av / | ||
+ | sudo nano / | ||
+ | <volume user=" | ||
+ | |||
+ | To use pam_mount to mount a LUKS crypt to a non-home directory | ||
+ | |||
+ | cryptsetup luksFormat /dev/sdaX | ||
+ | cryptsetup luksOpen /dev/sdaX vault | ||
+ | mkfs.xfs -L vault / | ||
+ | mkdir / | ||
+ | mount / | ||
+ | sudo nano / | ||
+ | <volume user=" | ||
+ | |||
+ | You may optionally mount the LUKS crypt manually as well. To do so, create | ||
+ | |||
+ | mkdir / | ||
+ | mount / | ||
+ | |||
+ | After you reboot, the crypt will no longer be open, but your mount point will still be there, so you just need to open the LUKS crypt and then map the LUKS partition to your mount point again as follows: | ||
+ | |||
+ | cryptsetup luksOpen /dev/sdaX vault | ||
+ | mount / | ||
+ | |||
+ | Users might also to prefer to use crypttab and fstab to handle the mounting and mapping. To do so, let's create a keyfile in a secure location that you can use to unlock the crypt. | ||
+ | |||
+ | sudo dd if=/ | ||
+ | |||
+ | Add the keyfile to the LUKS crypt so that it can be used to open the crypt: | ||
+ | |||
+ | sudo cryptsetup -v luksAddKey /dev/sdaX / | ||
+ | |||
+ | After adding the key to the crypt, let' | ||
+ | |||
+ | sudo cryptsetup luksDump /dev/sdaX | grep " | ||
+ | |||
+ | Now that we have the UUID of the crypt, we can add a reliable crypttab entry for the crypt. | ||
+ | |||
+ | sudo nano / | ||
+ | < | ||
+ | |||
+ | Now that crypttab is setup, this means you you can open the crypt as follows. | ||
+ | |||
+ | sudo cryptdisks_start sdaX_crypt | ||
+ | |||
+ | If you want, however, the crypt to mount on its own, then add an entry to fstab as well. | ||
+ | |||
+ | sudo nano / | ||
+ | </ | ||
+ | |||
+ | Okay, your LUKS crypt should now be open and mapped to your mount point at boot. Since Debian 12, there' | ||
+ | sudo nano / | ||
+ | < | ||
+ | --- // |
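Review bot: In both the /home and the non-home procedures, `cryptsetup luksFormat /dev/sdaX` appears with no statement that it destroys whatever is on the partition. In the /home case it runs straight after `rsync -av /home /backup` and `umount /home/`, with nothing confirming that the copy completed. Add a verification step before the format (for example a checksum dry run of rsync against /backup/home, which is where that rsync invocation puts the copy), and say explicitly that /backup must sit on a different device than /dev/sdaX. The keyfile paragraph says "a secure location" without defining it; since anyone who can read the keyfile can unlock the crypt, state the ownership and mode you expect (root-owned, readable by root only). Style: the commands mix `sudo` (apt-get, nano, luksAddKey, luksDump, cryptdisks_start) with bare invocations (luksFormat, luksOpen, mkfs.xfs, mount), so either prefix all of them or say once that the block runs as root. Typos in the added prose: "Users might also to prefer to use" should read "Users might also prefer to use", "this means you you can" has a doubled "you", and "crypttab is setup" should be "set up".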