Creating an Encrypted Partition in CentOS 7

First, prepare a partition with fdisk. In this example, it is assumed that /dev/sdb1 has been created.

Then, use cryptsetup to luksFormat the partition with a passphrase.

cryptsetup -y luksFormat /dev/sdb1

You will need to type YES (in uppercase) to confirm that you want to continue. luksFormat writes a new LUKS header over the partition, so any data already on /dev/sdb1 becomes unreadable.

You will be prompted to enter and verify your passphrase. Choose one that is not too simple and is at least 8 characters long, because this version of cryptsetup now checks passphrase quality and rejects weak passphrases. If this completes successfully, you will need the passphrase you chose to open the device. You can open the device under any name you want; that name becomes the entry under /dev/mapper/.

Next, use cryptsetup to luksOpen the partition to a name like "confidential" that will become part of the path to the new /dev/mapper/confidential device.

cryptsetup luksOpen /dev/sdb1 confidential

You will then be prompted for the passphrase you used when you executed cryptsetup with the luksFormat subcommand.

The device will now appear as /dev/mapper/confidential, but it is actually a symbolic link to a /dev/dm-N device.

Format the open (unencrypted) device by making a filesystem.

mkfs.ext4 /dev/mapper/confidential

Create a mount point and mount the new filesystem.

mkdir /var/lib/confidential
mount /dev/mapper/confidential /var/lib/confidential

Put the data that you want to be encrypted onto the filesystem. For example, to copy confidential data from a user's home directory to the encrypted device, you could execute something like:

cp /home/user/confidential.data /var/lib/confidential

Unmount the filesystem and use cryptsetup to luksClose the mapping, which removes /dev/mapper/confidential until the device is opened again.

umount /var/lib/confidential
cryptsetup luksClose confidential

Create /etc/crypttab so the device is set up at boot. Each line is the mapping name, the underlying device, and optionally a key file (or none, which means you are prompted for the passphrase) and options:

confidential /dev/sdb1

Naming the device by UUID instead of /dev/sdb1 (see blkid or cryptsetup luksUUID /dev/sdb1) is safer, because /dev/sdX names can change when disks are added or reordered. To have the filesystem mounted as well, add a matching /etc/fstab entry for /dev/mapper/confidential, not for /dev/sdb1.
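The whole procedure above as one script, added here as an example that is not part of the original post. It formats the device you pass in, opens it, makes the filesystem, mounts and closes it, and then writes the /etc/crypttab and /etc/fstab lines by UUID. The mapping name, mount point, key-file path and the script name luks-setup.sh are hypothetical defaults; the key file replaces the typed passphrase so the format step is non-interactive, with a passphrase added afterwards as a second key slot.

```sh
#!/bin/sh
# Added example, not from the original post: the post's procedure as a script,
# plus the /etc/crypttab and /etc/fstab lines that bring the volume back after
# a reboot. Assumptions: the device is passed on the command line; the mapping
# name, mount point and key-file path below are hypothetical defaults.
#
#   ./luks-setup.sh run /dev/sdb1
#
# To rehearse without a spare disk, point it at a loop device instead:
#   truncate -s 64M /var/tmp/confidential.img
#   ./luks-setup.sh run "$(losetup --find --show /var/tmp/confidential.img)"
set -eu

NAME=${NAME:-confidential}                   # becomes /dev/mapper/$NAME
MNT=${MNT:-/var/lib/confidential}
KEYFILE=${KEYFILE:-/etc/luks-keys/$NAME.key}

# Accept only a well-formed LUKS UUID before it goes anywhere near a config file.
is_uuid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# /etc/crypttab: <name> <device> <key file or "none"> <options>. Referring to the
# device by UUID survives /dev/sdX renumbering; "none" makes boot prompt for the
# passphrase instead of reading a key file.
crypttab_line() {
    name=$1; uuid=$2; keyfile=${3:-none}
    is_uuid "$uuid" || { echo "not a UUID: $uuid" >&2; return 1; }
    printf '%s UUID=%s %s luks\n' "$name" "$uuid" "$keyfile"
}

# /etc/fstab entry for the opened mapping: mount the mapper device, never the
# raw partition; pass number 2 so fsck runs after the root filesystem.
fstab_line() {
    name=$1; mnt=$2
    printf '/dev/mapper/%s %s ext4 defaults 0 2\n' "$name" "$mnt"
}

# Append a line to a file only if that exact line is not already present.
append_once() {
    line=$1; file=$2
    grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

setup() {
    DEV=$1
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    [ -b "$DEV" ] || { echo "$DEV is not a block device" >&2; exit 1; }

    # Random 4 KiB key file, readable by root only, so luksFormat is
    # non-interactive. Caveat: a key file on an unencrypted root filesystem only
    # protects the volume when the disk is read on another machine; anyone with
    # root here can open it. Use "none" in crypttab to be prompted instead.
    umask 077
    mkdir -p "$(dirname "$KEYFILE")"
    dd if=/dev/urandom of="$KEYFILE" bs=512 count=8 status=none
    chmod 0400 "$KEYFILE"

    # luksFormat destroys everything on $DEV; --batch-mode answers the YES prompt.
    cryptsetup --batch-mode --key-file "$KEYFILE" luksFormat "$DEV"
    # Add a passphrase in a second key slot (prompts for it) so the volume is
    # still recoverable if the key file is lost.
    cryptsetup --key-file "$KEYFILE" luksAddKey "$DEV"

    # Open, make the filesystem, mount once to prove it works, then close.
    cryptsetup --key-file "$KEYFILE" luksOpen "$DEV" "$NAME"
    mkfs.ext4 -q "/dev/mapper/$NAME"
    mkdir -p "$MNT"
    mount "/dev/mapper/$NAME" "$MNT"
    umount "$MNT"
    cryptsetup luksClose "$NAME"

    # Persist by UUID. Skip this for a loop device: it does not exist yet when
    # crypttab and fstab are processed at boot, and boot would wait for it.
    UUID=$(cryptsetup luksUUID "$DEV")
    case $DEV in
        /dev/loop*) echo "loop device: not writing crypttab/fstab" ;;
        *) append_once "$(crypttab_line "$NAME" "$UUID" "$KEYFILE")" /etc/crypttab
           append_once "$(fstab_line "$NAME" "$MNT")" /etc/fstab ;;
    esac
    echo "LUKS volume $NAME ready on $DEV (UUID $UUID)"
}

case "${1:-}" in
    run) setup "${2:?usage: $0 run /dev/sdXN}" ;;
esac
```

The functions that build the config lines are kept separate from the root-only setup so they can be checked without touching a disk; the setup itself only runs when invoked with run and refuses to proceed unless it is root and the argument is a block device.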

About Me - WrightRocket

I've worked with computers for over 30 years, programming, administering, using and building them from scratch.

I'm an instructor for technical computer courses, an editor and developer of training manuals, and an Android developer.