20 July 2008 2 Comments

How to Encrypt Linux Hard Disk Space

    Encryption   (dm-crypt /  LUKS)
    Linux Unified Key Setup
 check the partition for errors.

sudo /sbin/badblocks -c 10240 -s -w -t random -v /dev/sda4 (sda4 is device name)

  Install cryptsetup.

apt-get install cryptsetup

We’ll write data over the newly created partition to help aid in the encryption process. By writing data to the partition prior to encryption it helps protect against data attacks, finding patterns on the block-level, etc.

sudo dd if=/dev/random of=/dev/sda4 (sda4 is devicename)

At this point the partition is ready to be encrypted. Now there are multiple encryption methods and options to be used within each. This outlines using the LUKS encryption with prefered string length, hash and cipher. This command will remind that all data will be lost (although we already lost everything in Step 4. This is also where we’ll be prompted for your passphrase to access the encryption.

cryptsetup –verify-passphrase –verbose –hash=sha256

--cipher=aes-cbc-essiv:sha256 –key-size=256 luksFormat   /dev/sda4

If you see an error near this point similar to “Failed to setup dm-crypt key mapping. Check kernel for support for the aes-cbc-plain cipher spec and verify that /dev/[your device] contains at least 258 sectors.” you’ll need to run this command:

sudo modprobe dm-crypt

You may want to have this module auto-magically added at boot time by appending this line to your /etc/modules file

dm-crypt

Now that we’ve created the encryption basic layout on the partition we need to open the encrypted partition for use.

cryptsetup luksopen /dev/sda4 encrypt

Make the ext3 partition

mkfs.ext3 -j -m 1 -o dir_index,filetype,sparse_super /dev/mapper/encrypt
mkdir /mnt/encrypt
mount /dev/mapper/encrypt /mnt/encrypt
<create files>
umount /mnt/encrypt/
cryptsetup luksClose /dev/mapper/encrypt
Ubuntu Linux encryption Useful sites

1. https://help.ubuntu.com/community/EncryptedFilesystemHowto3

2. http://www.emcken.dk/weblog/archives/164-Encrypted-USB-drive-in-Ubuntu.html

3.http://www.hermann-uwe.de/blog/howto-disk-encryption-with-dm-crypt-luks-and-debian

The option “-c aes-cbc-essiv:sha256” sets what cipher to use. It’s AES by standard, which is a good default but you want to enable ESSIV support explicitly because it’s rather important. With this option the crypto uses an different IV for each sector – protecting against known plaintext attacks and information leakage (such as the “watermarking attack).

If you liked this post, buy me a Coffee.

Tags:

2 Responses to “How to Encrypt Linux Hard Disk Space”

  1. Joe Smuddly 17 November 2008 at 1:13 pm #

    PLEASE – if you’re not going to discuss anything but Ubunto, go somewhere else. The main distro, SUSE, and it’s little brother Red Hat, are the only mature distros used in business and need encryption. Giving links for Ubunto only is insulting.

    Reply
  2. anith 24 November 2008 at 6:38 am #

    Sorry Joe, we use Ubuntu a lot…… :-)

    Reply

Leave a Reply