* Code maturity level options o Prompt for development and/or incomplete code/drivers * Device Drivers -> Multi-device support (RAID and LVM) o Device mapper support o Crypt target support * Cryptographic options o AES cipher algorithms |
[root@localhost
sandbox]# dd if=/dev/zero of=crypt.loop
bs=1024 count=51200 51200+0 records in 51200+0 records out [root@localhost sandbox]# ls -l total 54260 -rw-r--r-- 1 root root 52428800 Jun 21 22:27 crypt.loop [root@localhost sandbox]# |
[root@localhost sandbox]# losetup /dev/loop0 ./crypt.loop |
[root@localhost sandbox]# cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/loop0 |
WARNING! ======== This will overwrite data on /dev/loop0 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: |
[root@localhost
sandbox]# cryptsetup luksOpen /dev/loop0 crypt Enter LUKS passphrase: key slot 0 unlocked. |
[root@localhost
sandbox]# mkfs -j /dev/mapper/crypt mke2fs 1.37 (21-Mar-2005) Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) 12600 inodes, 50192 blocks 2509 blocks (5.00%) reserved for the super user First data block=1 Maximum filesystem blocks=51642368 7 block groups 8192 blocks per group, 8192 fragments per group 1800 inodes per group Superblock backups stored on blocks: 8193, 24577, 40961 Writing inode tables: done Creating journal (4096 blocks): done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 33 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. |
[root@localhost sandbox]# mount /dev/mapper/crypt /mnt/test |
[root@localhost
sandbox]# ls -l /mnt/test total 12 drwx------ 2 root root 12288 Jun 21 22:33 lost+found [root@localhost sandbox]# df -h Filesystem Size Used Avail Use% Mounted on /dev/hda1 106G 89G 13G 89% / /dev/shm 62M 0 62M 0% /dev/shm /dev/mapper/crypt 48M 4.8M 41M 11% /mnt/test |
[root@localhost
sandbox]# umount /mnt/test [root@localhost sandbox]# cryptsetup luksClose crypt [root@localhost sandbox]# losetup -d /dev/loop0 |
[root@localhost
mnt]# dd if=/dev/zero of=/dev/sda1 bs=1M [root@localhost mnt]# cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda1 [root@localhost mnt]# cryptsetup luksOpen /dev/sda1 sda1 Enter LUKS passphrase: key slot 0 unlocked. [root@localhost mnt]# mkfs -j -c /dev/mapper/sda1 [root@localhost mnt]# cryptsetup luksClose sda1 |
PARTS=sda1 CRYPT=/sbin/cryptsetup for CHECK in $PARTS do echo "DOING ENCRYPTED PARTITION $CHECK" MNTED=`df | grep $CHECK 1> /dev/null ; echo $?` if [ $MNTED == "0" ] then umount /dev/mapper/$CHECK fi if [ -b /dev/mapper/$CHECK ] then $CRYPT luksClose $CHECK fi if [ ! -b /mnt/$CHECK ] then mkdir -p /mnt/$CHECK fi read -s -t 60 -p "-What is passphrase for $CHECK: " RESULT echo $RESULT | $CRYPT luksOpen /dev/$CHECK $CHECK mount /dev/mapper/$CHECK /mnt/$CHECK done |