<!DOCTYPE html> |
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en-us"> |
|
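<head>
  <!-- The charset declaration comes first so the parser reads it before any other content. -->
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <title>Luks Encryption // Hagfi.sh</title>

  <link href="http://gmpg.org/xfn/11" rel="profile">

  <!-- maximum-scale was dropped so visitors can still zoom the page. -->
  <meta name="viewport" content="width=device-width, initial-scale=1.0">

  <meta name="description" content="">
  <meta name="keywords" content="">
  <meta name="author" content="Kristof Vandam">
  <meta name="generator" content="Hugo 0.18.1">

  <meta property="og:title" content="Luks Encryption">
  <meta property="og:description" content="">
  <meta property="og:type" content="website">
  <meta property="og:locale" content="en_US">
  <meta property="og:url" content="https://hagfi.sh/administration/luks-encryption/">

  <!--
    Third-party assets are requested over explicit https instead of protocol-relative
    URLs, so a copy of this page opened over plain http or from disk never fetches
    styles or script over an unauthenticated channel.
    The versioned CDN files (pure, font-awesome, highlight.js) are pinned by URL only:
    adding an integrity attribute (SRI) together with crossorigin="anonymous", using the
    digest published for each exact file, would make the browser reject a modified
    response. This matters most for highlight.min.js, which runs as script in this origin.
  -->
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/base-min.css">
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/pure-min.css">
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/grids-responsive-min.css">

  <link rel="stylesheet" href="https://hagfi.sh//css/redlounge.css">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Raleway:400,200,100,700,300,500,600,800">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Libre+Baskerville:400,700,400italic">

  <link rel="apple-touch-icon-precomposed" sizes="144x144" href="/touch-icon-144-precomposed.png">
  <link rel="shortcut icon" type="image/x-icon" href="/img/favicon.png">

  <!-- NOTE(review): href is empty in the generated page, so this feed link resolves to the page itself; the feed URL is not visible here. -->
  <link href="" rel="alternate" type="application/rss+xml" title="Hagfi.sh">

  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/8.7/styles/tomorrow-night-bright.min.css">

  <!-- Loaded synchronously on purpose: the inline call below needs hljs to be defined already. -->
  <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/8.7/highlight.min.js"></script>
  <script>hljs.initHighlightingOnLoad();</script>
</head>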
|
|
|
<body> |
|
|
|
|
|
<div id="layout" class="pure-g"> |
|
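<div class="sidebar pure-u-1 pure-u-md-1-4">
  <div class="header">
    <h1 class="brand-title">Hagfi.sh</h1>
    <h2 class="brand-tagline">Documentation</h2>

    <!-- Site-wide navigation. The page has a second nav (the table of contents), so this one is labelled. -->
    <nav class="nav" aria-label="Primary">
      <ul class="nav-list">
        <!-- The "//" separators are decorative and hidden from assistive technology. Each separator stays on the same line as its link so no extra whitespace is rendered between them. -->
        <li class="nav-item"><span class="nav-item-separator" aria-hidden="true">//</span><a href="https://hagfi.sh/">Home</a></li>
        <li class="nav-item"><span class="nav-item-separator" aria-hidden="true">//</span><a href="/administration">Administration</a></li>
        <li class="nav-item"><span class="nav-item-separator" aria-hidden="true">//</span><a href="/development">Development</a></li>
        <li class="nav-item"><span class="nav-item-separator" aria-hidden="true">//</span><a href="/tools">Tools</a></li>
      </ul>
    </nav>
  </div>
</div>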
|
|
|
|
|
|
|
|
|
<div class="content pure-u-1 pure-u-md-3-4"> |
|
<a name="top"></a> |
|
|
|
|
|
|
|
|
|
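<div id="toc" class="pure-u-1 pure-u-md-1-4">
  <small class="toc-label">Contents</small>
  <!-- In-page table of contents; every href points at a heading id inside the post. -->
  <nav id="TableOfContents" aria-label="Contents">
    <ul>
      <li>
        <ul>
          <li><a href="#add-a-new-disk-lvm">Add a new disk (LVM)</a></li>
          <li><a href="#create-a-logical-volume-lvm">Create a logical volume (LVM)</a></li>
          <li><a href="#encrypt-the-partition">Encrypt the partition</a></li>
          <li><a href="#create-a-mountpoint">Create a mountpoint</a></li>
          <li><a href="#create-a-key-to-auto-mount-the-encrypted-disk">Create a key (to auto-mount the encrypted disk)</a></li>
          <li><a href="#unmount-and-add-the-key">Unmount and add the key</a></li>
          <li><a href="#get-uuid">Get UUID</a></li>
          <!-- The visible text uses the real file name, /etc/crypttab. The fragment keeps its original spelling because it must match the heading id. -->
          <li><a href="#auto-mount-luks-edit-etc-cypttab">Auto-mount LUKS (edit /etc/crypttab)</a></li>
        </ul>
      </li>
    </ul>
  </nav>
</div>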
|
|
|
|
|
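<section class="post">
  <h1 class="post-title">
    <a href="/administration/luks-encryption/">Luks Encryption</a>
  </h1>
  <h3 class="post-subtitle">
  </h3>

  <span class="post-date">
    <span class="post-date-day"><sup>23</sup></span><span class="post-date-separator">/</span><span class="post-date-month">Aug</span> <span class="post-date-year">2018</span>
  </span>

  <span class="post-author-single">By <a class="post-author">Kristof Vandam</a></span>

  <h2 id="add-a-new-disk-lvm">Add a new disk (LVM)</h2>

  <!-- Shell transcripts are kept verbatim; lines inside pre must stay at column 0. -->
<pre><code>root@server:/dev/centos # for i in /sys/class/scsi_host/host*; do echo "- - -" &gt; $i/scan; done
root@server:/dev/centos # NEWDISK=$(dmesg|tail|grep 'Attached'|awk '{print $4}'|tail -n1|cut -d "[" -f2|cut -d "]" -f1)
root@server:/dev/centos # VGROUP=$(vgdisplay|grep Name|head -n1|awk '{print $3}')
root@server:/dev/centos # echo ${NEWDISK}
sdd
root@server:/dev/centos # echo ${VGROUP}
centos
root@server:/dev/centos # pvcreate /dev/${NEWDISK}
Physical volume "/dev/sdd" successfully created.
root@server:/dev/centos # vgextend ${VGROUP} /dev/${NEWDISK}
Volume group "centos" successfully extended
</code></pre>

  <p>Note: <code>NEWDISK</code> is parsed from the last lines of <code>dmesg</code>, so compare the echoed name (<code>sdd</code> here) with the disk that was just attached before running <code>pvcreate</code> on it.</p>

  <h2 id="create-a-logical-volume-lvm">Create a logical volume (LVM)</h2>

<pre><code>root@server:/dev/centos # lvcreate -L 15G -n encrypted centos
Logical volume "encrypted" created.
</code></pre>

  <h2 id="encrypt-the-partition">Encrypt the partition</h2>

<pre><code>root@server:/dev/centos # cryptsetup -v --verify-passphrase luksFormat /dev/centos/encrypted
root@server:/dev/mapper # cryptsetup luksOpen /dev/centos/encrypted luks-encrypted
</code></pre>

  <h2 id="create-a-mountpoint">Create a mountpoint</h2>

  <p>Note: the commands shown go straight from <code>luksOpen</code> to <code>mount</code>. On a freshly formatted LUKS volume a filesystem has to be created on <code>/dev/mapper/luks-encrypted</code> first (for example with <code>mkfs</code>); that step is not shown here.</p>

<pre><code>root@server:/dev/mapper # mkdir /encrypted
root@server:/dev/mapper # mount /dev/mapper/luks-encrypted /encrypted
</code></pre>

  <h2 id="create-a-key-to-auto-mount-the-encrypted-disk">Create a key (to auto-mount the encrypted disk)</h2>

<pre><code>root@server:/dev/mapper # dd if=/dev/urandom of=/root/lukskey bs=1024 count=4
root@server:/dev/mapper # chmod 0400 /root/lukskey
</code></pre>

  <p>Note: this keyfile opens the volume without a passphrase, so the data is protected only as well as <code>/root/lukskey</code> itself. If the filesystem holding the keyfile is not encrypted, anyone with access to the disks can read the key and open the volume. Running <code>umask 077</code> before <code>dd</code> creates the file owner-only from the start, instead of leaving it at the default mode until <code>chmod</code> runs.</p>

  <h2 id="unmount-and-add-the-key">Unmount and add the key</h2>

<pre><code>root@server:/ # umount /encrypted
root@server:/ # cryptsetup luksClose luks-encrypted
root@server:/ # cryptsetup luksAddKey /dev/mapper/centos-encrypted /root/lukskey
</code></pre>

  <p>Note: <code>luksAddKey</code> asks for an existing passphrase and stores the keyfile in an additional key slot. The passphrase chosen during <code>luksFormat</code> stays valid, so either one opens the volume.</p>

  <h2 id="get-uuid">Get UUID</h2>

<pre><code>root@server:/ # blkid /dev/mapper/centos-encrypted
/dev/mapper/centos-encrypted: UUID="0dab9a5c-1870-478d-8d74-226eeb512f78" TYPE="crypto_LUKS"
</code></pre>

  <!-- The id keeps its original "cypttab" spelling so existing #fragment links still resolve; only the visible file name is corrected. -->
  <h2 id="auto-mount-luks-edit-etc-cypttab">Auto-mount LUKS (edit /etc/crypttab)</h2>

<pre><code>luks-encrypted /dev/disk/by-uuid/0dab9a5c-1870-478d-8d74-226eeb512f78 /root/lukskey luks
</code></pre>

  <p>Note: the <code>/etc/crypttab</code> entry only opens the mapping <code>luks-encrypted</code> at boot with the keyfile. Mounting it on <code>/encrypted</code> also needs an <code>/etc/fstab</code> entry for <code>/dev/mapper/luks-encrypted</code>, which is not shown here.</p>

  <div class="paging">
    <span class="paging-label">More Reading</span>

    <div class="paging-newer">
      <span class="dark-red">Newer</span><span class="decorative-marker">//</span>
      <a class="paging-link" href="/development/vue-js/">Vue Js</a>
    </div>

    <div class="paging-older">
      <span class="dark-red">Older</span><span class="decorative-marker">//</span>
      <a class="paging-link" href="/administration/">Administrations</a>
    </div>
  </div>
</section>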
|
|
|
|
|
|
|
|
|
|
|
</div> |
|
</div> |
|
|
|
|
|
|
|
|
|
|
|
</body> |
|
</html>