Internal

• dm-crypt

Overview

cryptsetup is the userspace utility used to manage the dm-crypt encryption functionality.

Installation

yum install cryptsetup

Creating an Encrypting a Block Device with cryptsetup/LUKS

Format the block device with LUKS and assign it a passphrase (it is also possible to use a key file). The command will ask for a passphrase at the console:

cryptsetup luksFormat -y -v /dev/sdb

Test password: b4H4x9_3hdHEd

After 'luksFormat' operation, the block device is now type "", as blkid shows:

# blkid
...
/dev/sdb: UUID="8a5fa3ae-d997-4c3a-a6f6-ab7ac9007ef8" TYPE="crypto_LUKS"

Open the crypto_LUKS device with:

cryptsetup open <luks-device> <mapping-name> 

where <mapping-name> is the name of the device that will be created under /dev/mapper:

cryptsetup open /dev/sdb rackstationb

Upon providing the correct passphrase, the encrypted device will be mounted as /dev/mapper/rackstationb:

cd /dev/mapper/
ls -al rackstationb
lrwxrwxrwx. 1 root root 7 Dec 24 00:36 rackstationb -> ../dm-2

Once the encrypted device is available under /dev/mapper, a filesystem can be built on it:

mkfs.xfs /dev/mapper/rackstationb

The filesystem can then be mounted and used:

mount /dev/mapper/rackstationb /rackstationb

Mounting a LUKS Device at Boot