Linux/Security/Encrypted disk
Encrypt a hard disk and protect it with a password.
Use case
As long as hardware is physically protected, it is mostly not necessary to accept the overhead of encryption on every hard disk. Clear exceptions are external hard disks with sensitive information on them, such as backup disks. If they leave the building, they might get lost or stolen.
Cryptsetup
Cryptsetup is a utility for setting up disk encryption using the dm-crypt kernel module. It adds an extra step to mounting and unmounting: a decrypted device needs to be created before mounting and removed after unmounting.
Mount
# This creates /dev/mapper/backup
cryptsetup luksOpen /dev/sdb1 backup
# Now mount the decrypted device
mount /dev/mapper/backup /mnt/backup
Unmount
umount /mnt/backup
cryptsetup luksClose backup
Install
CentOS 6
yum install cryptsetup-luks
CentOS 7
yum install cryptsetup
Encrypt a disk
WARNING: This procedure wipes data from the disk.
First find out which device is the disk that needs to be encrypted. If it is a USB disk, then plug it in.
fdisk -l
or
ls -l /dev/disk/by-id
Let us assume we found that the device is /dev/sdb.
Check that no partitions of /dev/sdb are mounted at the moment. If any are, unmount them.
df
Create a Linux partition on the device, i.e. /dev/sdb1.
fdisk /dev/sdb
Format the partition as encrypted. You will be asked to give a password.
cryptsetup luksFormat /dev/sdb1
Open the encrypted /dev/sdb1 as the decrypted device /dev/mapper/backup ("backup" can be anything you like).
cryptsetup luksOpen /dev/sdb1 backup
Put a filesystem on the decrypted device.
mkfs.ext4 /dev/mapper/backup
The filesystem can now be used by mounting it.
mount /dev/mapper/backup /mnt/backup
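The "no partitions mounted" check from the procedure above, as an added shell example that is not part of the original page. It reads a mount table instead of relying on a visual scan of df output; mounted_parts and sample_mounts are hypothetical helper names, and the mount table shown is constructed sample data.

```shell
#!/bin/sh
# Pre-flight check before fdisk / cryptsetup luksFormat (added example).
#
# mounted_parts DISK [MOUNTS_FILE]
#   Prints "device mountpoint" for DISK and each of its partitions found
#   in MOUNTS_FILE (default /proc/mounts, "-" reads stdin).
#   Returns 0 when nothing is mounted, 1 otherwise.
mounted_parts() {
    disk=$1
    mounts=${2:-/proc/mounts}
    found=$(awk -v d="$disk" '
        BEGIN {
            # sdb -> sdb1, but nvme0n1 -> nvme0n1p1: a disk name ending in
            # a digit gets a "p" before the partition number.
            pat = (d ~ /[0-9]$/) ? "^p[0-9]+$" : "^[0-9]+$"
        }
        $1 == d { print $1, $2; next }          # whole disk mounted
        index($1, d) == 1 {
            rest = substr($1, length(d) + 1)
            # /dev/sdba1 shares the prefix /dev/sdb but is another disk.
            if (rest ~ pat) print $1, $2
        }' "$mounts")
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/backup ext4 rw,relatime 0 0
/dev/sdba1 /mnt/other ext4 rw,relatime 0 0
/dev/nvme0n10p1 /srv xfs rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
EOF
}

# Demo on the sample; on a real system call: mounted_parts /dev/sdb
if sample_mounts | mounted_parts /dev/sdb -; then
    echo "/dev/sdb: nothing mounted"
else
    echo "/dev/sdb: unmount the partitions listed above before continuing"
fi
```

An open mapping such as /dev/mapper/backup appears in the mount table under its mapper name rather than under /dev/sdb, so unmount it and run cryptsetup luksClose before reformatting.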