Sunday, 19 February 2012

Linux: RHEL: How to create LUKS encrypted file-system

LUKS encrypted filesystem can be created over any of the block devices like a bare hard disk, logical volume, or a raid array.
To create a LUKS encrypted file-system, we first need to write the block device with random data.

dd if=/dev/urandom of=/dev/sdb bs=1K

This may take a little while depending on the size of the disk.
After that, disk has to be formatted as LUKS:

cryptsetup –verbose luksFormat --verify-passphrase /dev/sdb

Now, open the encrypted disk:

cryptsetup –verbose luksOpen /dev/sdb enc_data

Enc_data will be created under /dev/mapper.
Now, proceed with formatting the encrypted disk with ext4:

mkfs –t ext4 /dev/mapper/enc_data

And, lastly mount the file-system to a mount point.

To close the encrypted disk, unmount the disk first. Then issue the following command:

cryptsetup –verbose luksClose enc_data

To check the status of the encrypted disk:

cryptsetup status enc_data

To open the encrypted disk while booting, put a line with the encrypted disk name and the underlying block device in the 
/etc/crypttab file:

Enc_data       /dev/sdb