Chapter 10.4 - Using and encrypted partition

kolyan007

My test environment is not VLM. How to create encrypted partition (Ubuntu 14)?

I've created folder /dev/VG/MYSECRET

Command below is not prompting for a passphrase.

#cryptsetup luksFormat /dev/VG/MYSECRET/

WARNING!

========

This will overwrite data on /dev/VG/MYSECRET/ irrevocably.

Are you sure? (Type uppercase yes): yes

 

Thanks for advice,

Nick

sadamahan

Hello Nick

You don't create the folder: /dev/VG/MYSECRET

Instead, you start by creating a LUKS container. The container gets created on top of storage device (/dev/sda3 in the example below) or a logical volume (like /dev/mapper/lvname). Say, I had a storage device /dev/sda3, I would: 

cryptsetup luksFormat /dev/sda3

luksFormat is followed by luksOpen which creates a luks container for the formatted storage or logical volume: cryptsetup –verbose luksOpen  /dev/sda3 c1

luksOpen above creates a device called /dev/mapper/c1 from /dev/sda3

You would then format:  mkfs -t ext4 /dev/mapper/c1  and use!

Best Regards

SMK

kolyan007

Hi SMK,

Thanks for your reply. I've mounted partition image file as /dev/loop3 and tried to create luks container. See the output below:

# df -H

Filesystem      Size  Used Avail Use% Mounted on

udev            2.0G  8.2k  2.0G   1% /dev

tmpfs           402M  1.1M  401M   1% /run

/dev/sda1        19G  7.1G   11G  40% /

none            4.1k     0  4.1k   0% /sys/fs/cgroup

none            5.3M     0  5.3M   0% /run/lock

none            2.1G  148k  2.1G   1% /run/shm

none            105M   29k  105M   1% /run/user

/dev/loop3      1.1G  1.4M  952M   1% /mnt/mntpoint

# cryptsetup luksFormat /dev/loop3

WARNING!

========

This will overwrite data on /dev/loop3 irrevocably.

Are you sure? (Type uppercase yes): yes

# cryptsetup --verbose luksOpen /dev/loop3 c1

Device /dev/loop3 is not a valid LUKS device.

Command failed with code 22: Device /dev/loop3 is not a valid LUKS device.

Why loop3 still not a valid LUKS device?

luisviveropena

Hi Nick,

As pointed above, /dev/VG/MYSECRET is not a folder, it's a device (a LVM in this case). You also can work with any other non LVM partition. I recommend first to use a normal partition instead a loop device, so you can get some practice and then try with a loop device.

Regards,

Luis.

kolyan007

I've mounted normal partition as /dev/sdb1, but still not sure how to encrypt it.

/dev/sdb1       1.1G  1.4M  968M   1% /home/student/mydata

Please advise.

Nick

luisviveropena

Hi Nick,

1) Unmount the partition.

2) Then do the following:

$ sudo cryptsetup luksFormat /dev/sdb1

$ sudo cryptsetup luksOpen /dev/sdb1 secret-disk

Then keep following the instructions of the lab.

Regards,

Luis.

agnieszka

Hello,
While running command luksFormat, it is crucial , once prompted, to type 'yes' in CAPITAL LETTERS otherwise you will get error message.

Are you sure? (Type uppercase yes):

coop

YES, this is true. I remember having it take me a while to figure out and then if I don't do it for a long time remembering to do it again