If a disk holds very important information, we can encrypt it so that even if someone else gets hold of the disk, they still need a password to open it and view its contents. This adds a layer of protection for our data. We will use LUKS.
First, we need to have a disk. I created a Logical Disk for the experiment.
Step 1: Encrypt
cryptsetup luksFormat /dev/vg1/lv1
Enter the password: Redhat
Step 2: Enable and assign the logical name
cryptsetup luksOpen /dev/vg1/lv1 secret
Step 3: Create a file system
mkfs -t ext4 /dev/mapper/secret
Step 4: Create a mount point and mount it
mkdir /secretstuff
mount /dev/mapper/secret /secretstuff
At this time, we can use this disk normally. Let's create several files.
touch {1..10}.txt
Then, we can unmount the disk.
umount /secretstuff
Disable
cryptsetup luksClose secret
That completes the basic setup. However, if the encrypted disk has to be mounted at every boot, having to enter a password each time the machine starts is not worth the candle. In fact, an encrypted disk can have several locks and keys. That is to say, we can add a second key to the disk that is stored in a file; the system reads it from that file at startup and unlocks the disk by itself. Of course, this key file should be well protected.
The following describes how to perform the operation:
Without unmounting, we first create a key file and add it to the disk:
dd if=/dev/urandom of=/root/home-luks-key bs=4096 count=1
chmod 600 /root/home-luks-key
cryptsetup luksAddKey /dev/vg1/lv1 /root/home-luks-key
Note: In this case, we need to enter our previous password, which is the first key password.
Redhat
Edit /etc/crypttab and add the following line:
vim /etc/crypttab
secret /dev/vg1/lv1 /root/home-luks-key
Then we modify /etc/fstab:
/dev/mapper/secret /secretstuff ext4 defaults 1 2
Finished
Reboot Test
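Since the key file has to be well protected, the following added example (not part of the original article) reads a crypttab file and reports every referenced key file that is missing, accessible by group or others, or not owned by the expected user. The /dev/vg1/lv2 and /dev/vg1/lv3 entries and the temporary paths are constructed sample data, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example: audit the key files referenced by a crypttab file.
# Usage: audit_crypttab CRYPTTAB [EXPECTED_OWNER_UID]   (default uid 0 = root)
# Prints one line per finding; exit status 0 = clean, 1 = findings.
audit_crypttab() (
    crypttab=$1; want_uid=${2:-0}; findings=0
    # Fields: mapping name, device, key file, options (device/options unused here).
    while read -r name device keyfile options || [ -n "$name" ]; do
        case $name in ''|\#*) continue ;; esac             # blank line or comment
        case ${keyfile:-none} in none|-) continue ;; esac  # passphrase prompt, no key file
        if [ ! -f "$keyfile" ]; then
            echo "$name: key file $keyfile is missing"
            findings=$((findings + 1)); continue
        fi
        mode=$(stat -c '%a' "$keyfile")   # octal permission bits (GNU stat)
        uid=$(stat -c '%u' "$keyfile")    # numeric owner (GNU stat)
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$name: key file $keyfile has mode $mode, group/other can access it"
            findings=$((findings + 1))
        fi
        if [ "$uid" -ne "$want_uid" ]; then
            echo "$name: key file $keyfile is owned by uid $uid, expected $want_uid"
            findings=$((findings + 1))
        fi
    done < "$crypttab"
    [ "$findings" -eq 0 ]
)

# Constructed demo: a throwaway crypttab and key files, not real system paths.
demo=$(mktemp -d)
head -c 4096 /dev/urandom > "$demo/home-luks-key"; chmod 600 "$demo/home-luks-key"
head -c 4096 /dev/urandom > "$demo/loose-key";     chmod 644 "$demo/loose-key"
cat > "$demo/crypttab" <<EOF
# name   device        key file
secret   /dev/vg1/lv1  $demo/home-luks-key
data     /dev/vg1/lv2  $demo/loose-key
scratch  /dev/vg1/lv3  none
EOF
# The demo files belong to the current user, so that uid is passed as the expected owner.
audit_crypttab "$demo/crypttab" "$(id -u)" || echo "fix the findings above before rebooting"
rm -rf "$demo"
```

On the real system, run audit_crypttab /etc/crypttab as root before the reboot test; the default expected owner is root.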