Welcome to the Linux Foundation Forum!

Chapter 10.4 - Using and encrypted partition

My test environment is not VLM. How to create encrypted partition (Ubuntu 14)?

I've created folder /dev/VG/MYSECRET

Command below is not prompting for a passphrase.

#cryptsetup luksFormat /dev/VG/MYSECRET/

WARNING!

========

This will overwrite data on /dev/VG/MYSECRET/ irrevocably.

Are you sure? (Type uppercase yes): yes

 

Thanks for advice,

Nick

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Comments

  • Posts: 11

    Hello Nick

    You don't create the folder: /dev/VG/MYSECRET

    Instead, you start by creating a LUKS container. The container gets created on top of storage device (/dev/sda3 in the example below) or a logical volume (like /dev/mapper/lvname). Say, I had a storage device /dev/sda3, I would: 

    cryptsetup luksFormat /dev/sda3

    luksFormat is followed by luksOpen which creates a luks container for the formatted storage or logical volume: cryptsetup –verbose luksOpen  /dev/sda3 c1

    luksOpen above creates a device called /dev/mapper/c1 from /dev/sda3

    You would then format:  mkfs -t ext4 /dev/mapper/c1  and use!

    Best Regards

    SMK

  • Hi SMK,

    Thanks for your reply. I've mounted partition image file as /dev/loop3 and tried to create luks container. See the output below:

    # df -H

    Filesystem      Size  Used Avail Use% Mounted on

    udev            2.0G  8.2k  2.0G   1% /dev

    tmpfs           402M  1.1M  401M   1% /run

    /dev/sda1        19G  7.1G   11G  40% /

    none            4.1k     0  4.1k   0% /sys/fs/cgroup

    none            5.3M     0  5.3M   0% /run/lock

    none            2.1G  148k  2.1G   1% /run/shm

    none            105M   29k  105M   1% /run/user

    /dev/loop3      1.1G  1.4M  952M   1% /mnt/mntpoint

    # cryptsetup luksFormat /dev/loop3

    WARNING!

    ========

    This will overwrite data on /dev/loop3 irrevocably.

    Are you sure? (Type uppercase yes): yes

    # cryptsetup --verbose luksOpen /dev/loop3 c1

    Device /dev/loop3 is not a valid LUKS device.

    Command failed with code 22: Device /dev/loop3 is not a valid LUKS device.

    Why loop3 still not a valid LUKS device?

  • Posts: 1,276

    Hi Nick,

    As pointed above, /dev/VG/MYSECRET is not a folder, it's a device (a LVM in this case). You also can work with any other non LVM partition. I recommend first to use a normal partition instead a loop device, so you can get some practice and then try with a loop device.

    Regards,

    Luis.

  • Posts: 4
    edited March 2017

    I've mounted normal partition as /dev/sdb1, but still not sure how to encrypt it.

    /dev/sdb1       1.1G  1.4M  968M   1% /home/student/mydata

    Please advise.

    Nick

  • Posts: 1,276
    edited March 2017

    Hi Nick,

    1) Unmount the partition.

    2) Then do the following:

    $ sudo cryptsetup luksFormat /dev/sdb1

    $ sudo cryptsetup luksOpen /dev/sdb1 secret-disk

    Then keep following the instructions of the lab.

    Regards,

    Luis.

  • Posts: 11

    Hello,
    While running command luksFormat, it is crucial , once prompted, to type 'yes' in CAPITAL LETTERS otherwise you will get error message.

    Are you sure? (Type uppercase yes):

  • Posts: 916

    YES, this is true. I remember having it take me a while to figure out and then if I don't do it for a long time remembering to do it again :)

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training