Feeds:
Posts
Comments

Archive for December, 2011

Intro

How would you feel in your external hard drive disappeared. Think about it : all data available to anyone. Encrypt it!
Now modern Linux distribution makes it so easy you do not have any excuses.
Note : Unfortunately, the method is probably not portable (I actually never tried)

How To

Insert the drive and get its /dev file. In the example below, it is going to be /dev/sdb2. Currently, there is nothing on this partition.

  1. Create the LUKS header, with a password
    # cryptsetup luksFormat /dev/sdb2

    WARNING!
    ========
    This will overwrite data on /dev/sdb2 irrevocably.

    Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase:
    Verify passphrase:

  2. Open the device, I am calling the decrypted block device external (/dev/mapper/external), but it can be any name
    # cryptsetup luksOpen /dev/sdb2 external
    Enter passphrase for /dev/sdb2:
  3. Put some filesystem on that (ext4 in my case)
    # mkfs.ext4 /dev/mapper/external
    mke2fs 1.41.14 (22-Dec-2010)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    Stride=0 blocks, Stripe width=0 blocks
    10870784 inodes, 43452678 blocks
    2172633 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=4294967296
    1327 block groups
    32768 blocks per group, 32768 fragments per group
    8192 inodes per group
    Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    4096000, 7962624, 11239424, 20480000, 23887872

    Writing inode tables: done
    Creating journal (32768 blocks): done
    Writing superblocks and filesystem accounting information: done

    This filesystem will be automatically checked every 20 mounts or
    180 days, whichever comes first.  Use tune2fs -c or -i to override.

  4. Close the connection, for a clean unplug
    # cryptsetup luksClose  /dev/mapper/external
  5. Then unplug the device. Replug it, and magically, a password will be asked in order to mouint it! (works on my Fedora15 + KDE)
  6. Read Full Post »