How to Use Luks to encrypt a Linux Disk

If we have information on a disk that is very important, we can encrypt the disk even if someone else gets it, you also need a password to open the disk to view the content. In this way, we can add a layer of protection for our data, and we will use Luks.

If we have information on a disk that is very important, we can encrypt the disk even if someone else gets it, you also need a password to open the disk to view the content. In this way, we can add a layer of protection for our data, and we will use Luks.

First, we need to have a disk. I created a Logical Disk for the experiment.

Step 1: Encrypt

cryptsetup luksFormat /dev/vg1/lv1

cryptsetupluksFormat /dev/vg1/lv1

Enter the password:Redhat

Step 2: Enable and assign the logical name

cryptsetup luksOpen /dev/vg1/lv1 secret

cryptsetupluksOpen /dev/vg1/lv1secret

Step 3: create a file system

mkfs -t ext4 /dev/mapper/secret

mkfs -t ext4 /dev/mapper/secret

Step 4: Create a mount point and mount it

mkdir /secretstuffmount /dev/mapper/secret /secretstuff

mkdir /secretstuff mount /dev/mapper/secret /secretstuff

At this time, we can use this disk normally. Let's create several files.

touch {1..10}.txt

touch {1..10}.txt

Then, we can unmount the disk.

umount /secretstuff

umount /secretstuff

Disable

cryptsetup luksClose secret

cryptsetupluksClosesecret

This is done, but, for example, if we want to encrypt a disk that needs to be mounted, we cannot say that the disk can be mounted only after a password is entered every time it is started up. This is not worth the candle, in fact, the encrypted disk can have several locks and keys. That is to say, we can add a key to the disk, which is read from the text, automatically reads data from the text at startup and solves the problem by yourself. Of course, this text should be well protected...

The following describes how to perform the operation:

Without umount, we should first create a secret

dd if=/dev/urandom of=/root/home-luks-key bs=4096 count=1chmod 600 /root/home-luks-keycryptsetup luksAddKey /dev/vg1/lv1 /root/home-luks-key

ddif=/dev/urandomof=/root/home-luks-keybs=4096 count=1 chmod 600 /root/home-luks-key cryptsetupluksAddKey /dev/vg1/lv1 /root/home-luks-key

Note: In this case, we need to enter our previous password, which is the first key password.

Redhat

Edit

vim /etc/crypttabsecret   /dev/vg1/lv1  /root/home-luks-key

vim /etc/crypttab secret  /dev/vg1/lv1  /root/home-luks-key

Then we modify the fstab

/dev/mapper/secret /secretstuff  ext4 defaults 1 2

/dev/mapper/secret /secretstuff  ext4defaults 1 2 

Finished

Reboot Test