Setup Linux crypto

• Links ecrypt . Linux/HomeDirEncryption Instructions on setting up crypto on USB HD for linux.

• 2010 - January
• Find disk mapping by-uuid to keep it constant.
  • # ls -l /dev/disk/by-uuid/
• Setup Luks on device
  • cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1
• Format the encrypted partition
  • # mkfs.ext3 /dev/mapper/crypt -L crypt1.5GB -m 0.5
  • # mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super,extent /dev/mapper/crypt
    • flex_bg,extent,uninit_bg
  • mkfs.ext4 -O dir_index,filetype,sparse_super,extent,flex_bg,uninit_bg /dev/mapper/crypt -L crypt1.5GB -m 0.1
• • gvim /etc/cryptmount/cmtab

     crypt {
        keyformat=luks
        dev=/dev/disk/by-uuid/0513f3c1-14da-41d5-b4ee-97fac5b5ac23 keyfile=/dev/disk/by-uuid/0513f3c1-14da-41d5-b4ee-97fac5b5ac23
        dir=/home/USER/crypt    fstype=ext3
        }

      personal {
       keyformat=luks
       dev=/home/USER/.cryptofileLUKS
       dir=/home/USER/doc/personal
       }

• mkdir /home/USER/crypt
• cryptmount crypt
• 2015 - encrypted loop file

  • personal  /home/pes/.cryptofileLUKS         none    luks,loop

  • Start with $sudo cryptdisks_start personal
• Automate / bypass luks password for LUKS passphrase
  • Create /etc/initramfs-tools/hooks/local-noluksprompt and add the following lines:

    • mkdir -p ${DESTDIR}/root/bin
      cat >${DESTDIR}/root/bin/luks-password <<END
      #!/bin/sh --
      echo -n password
      END
      chmod +x ${DESTDIR}/root/bin/luks-password
      echo "Added cleartext password -- http://atterer.org/linux-remove-disable-luks-encryption-password-on-disk-partition-crypttab-initrd"

    • Make the file executable with

      •  chmod +x /etc/initramfs-tools/hooks/local-noluksprompt  

    • edit /etc/crypttab
      • add option to root disk, ,keyscript=/root/bin/luks-password
    • update-initramfs -u

pcfpg clpg iltbbtims pchdg-hp ...

CategoryLinux