Linux Beginner-Disk Encryption Chapter
When confidentiality is required, a system generally offers two options: file encryption and disk encryption. File encryption is easier to crack and therefore unsafe, so where there is a special need, the disk itself is encrypted. Keep in mind that once an encrypted disk is damaged, the data on it is corrupted as well. The rest of this chapter describes disk encryption.
Create a new disk partition, then enter "cryptsetup luksFormat /dev/vdb1" to encrypt the disk partition /dev/vdb1. Enter an uppercase "YES" to confirm, enter the password twice, and the disk encryption is complete.
How do you mount the partition after it has been encrypted? As shown, if you try to mount the vdb1 partition directly, the mount fails. Enter "cryptsetup open /dev/vdb1 we" to open the encrypted disk partition vdb1 as "we"; the name can be chosen freely. The "/dev/mapper/we" device then appears. Format this device, and you can mount it.
For example, mount it on /mnt and create 10 files, file{1..10}, in it. After unmounting, these 10 files are no longer visible under /mnt. After entering the command "cryptsetup close we", the vdb1 partition is closed; "we" no longer exists and can no longer be mounted.
Reopen the vdb1 partition under a different name; as shown, the 10 files appear again once it is mounted.
If the partition needs to be mounted automatically at boot, create a file that records the password under the "/root" directory, for example "/root/lukswe" (the file name can be chosen freely), and enter the password of the encrypted partition vdb1 in it. For security, it is recommended to set its permissions to "600". Then enter the command "cryptsetup luksAddKey /dev/vdb1 /root/lukswe" to associate the password file with the encrypted disk. Write the decryption configuration in the "/etc/crypttab" file, for example "we /dev/vdb1 /root/lukswe", where "we" is the name of the vdb1 partition after it is opened. Finally, add the boot-time mount entry to "/etc/fstab", "/dev/mapper/we /mnt xfs defaults 0 0", and then reboot to verify the automatic mount.
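As an added check (not part of the original article), the shell function below audits the boot-time setup just described: each key file named in crypttab must exist and be unreadable by group and others, and each /dev/mapper/NAME in fstab must have a crypttab entry that opens it. The function name and finding labels are hypothetical, the sample files are constructed in a temporary directory, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the boot-unlock files described above.
# Prints one line per finding and returns the number of findings.
audit_luks_automount() {
    crypttab=$1; fstab=$2; findings=0; names=" "
    # crypttab fields: name, device, key file, options
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        names="$names$name "
        case $key in ''|none|-) continue ;; esac   # passphrase typed at boot
        if [ ! -f "$key" ]; then
            echo "MISSING_KEY $name $key"; findings=$((findings + 1)); continue
        fi
        # The stored passphrase must not be readable by group or others.
        mode=$(stat -c %a "$key")                  # GNU stat, as on Linux
        case $mode in
            ?00) ;;
            *) echo "LOOSE_PERMS $name $key $mode"; findings=$((findings + 1)) ;;
        esac
    done < "$crypttab"
    # Every /dev/mapper/NAME mounted at boot needs a crypttab entry to open it.
    # (LVM volumes also appear under /dev/mapper; review those hits by hand.)
    while read -r dev mnt rest; do
        case $dev in /dev/mapper/*) ;; *) continue ;; esac
        case $names in
            *" ${dev#/dev/mapper/} "*) ;;
            *) echo "NO_CRYPTTAB_ENTRY $dev $mnt"; findings=$((findings + 1)) ;;
        esac
    done < "$fstab"
    return "$findings"
}

# Constructed sample: the page's two entries, with a temp file standing in
# for /root/lukswe and deliberately left world-readable (644).
demo=$(mktemp -d)
printf 'constructed-passphrase\n' > "$demo/lukswe"; chmod 644 "$demo/lukswe"
printf 'we /dev/vdb1 %s\n' "$demo/lukswe" > "$demo/crypttab"
printf '/dev/mapper/we /mnt xfs defaults 0 0\n' > "$demo/fstab"
audit_luks_automount "$demo/crypttab" "$demo/fstab" || echo "findings: $?"
rm -rf "$demo"
```

On a real system the call would be audit_luks_automount /etc/crypttab /etc/fstab, run as root so the key file under /root can be inspected.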
To cancel the disk encryption, you need to format the disk. If you previously set up automatic mounting, delete the password file, then remove the entries in "/etc/crypttab" and "/etc/fstab", unmount the partition, and close the encrypted disk. Formatting the disk at the end removes the encryption.