Setup Linux crypto
Links ecrypt . Linux/HomeDirEncryption Instructions on setting up crypto on USB HD for linux.
- 2010 - January
- Find disk mapping by-uuid to keep it constant.
- # ls -l /dev/disk/by-uuid/
- Setup Luks on device
- cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1
- Format the encrypted partition
- # mkfs.ext3 /dev/mapper/crypt -L crypt1.5GB -m 0.5
- # mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super,extent /dev/mapper/crypt
- flex_bg,extent,uninit_bg
- mkfs.ext4 -O dir_index,filetype,sparse_super,extent,flex_bg,uninit_bg /dev/mapper/crypt -L crypt1.5GB -m 0.1
-
- gvim /etc/cryptmount/cmtab
crypt { keyformat=luks dev=/dev/disk/by-uuid/0513f3c1-14da-41d5-b4ee-97fac5b5ac23 keyfile=/dev/disk/by-uuid/0513f3c1-14da-41d5-b4ee-97fac5b5ac23 dir=/home/USER/crypt fstype=ext3 }personal { keyformat=luks dev=/home/USER/.cryptofileLUKS dir=/home/USER/doc/personal }
- gvim /etc/cryptmount/cmtab
- mkdir /home/USER/crypt
- cryptmount crypt
- 2015 - encrypted loop file
personal /home/pes/.cryptofileLUKS none luks,loop
- Start with $sudo cryptdisks_start personal
- Automate / bypass luks password for LUKS passphrase
- Create /etc/initramfs-tools/hooks/local-noluksprompt and add the following lines:
mkdir -p ${DESTDIR}/root/bin cat >${DESTDIR}/root/bin/luks-password <<END #!/bin/sh -- echo -n password END chmod +x ${DESTDIR}/root/bin/luks-password echo "Added cleartext password -- http://atterer.org/linux-remove-disable-luks-encryption-password-on-disk-partition-crypttab-initrd"- Make the file executable with
chmod +x /etc/initramfs-tools/hooks/local-noluksprompt
- edit /etc/crypttab
- add option to root disk, ,keyscript=/root/bin/luks-password
- update-initramfs -u
- Create /etc/initramfs-tools/hooks/local-noluksprompt and add the following lines:
pcfpg clpg iltbbtims pchdg-hp ...