Simple use of encrypted partitions in Debian

Source: Internet
Author: User
This article briefly introduces the use of encrypted partitions, a feature introduced in Debian 4.0. It has not been verified on other Linux systems.

1. Create, use, and disable encrypted partitions

To use encrypted partitions, install the cryptsetup package.

First, create a partition on the disk. Any partition type will do, because the encrypted partition does not use the partition type.

debian4:~# fdisk -l /dev/sdb

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        1044     8385898+  16  Hidden FAT16

Then, use the cryptsetup luksFormat command to encrypt the partition. During the encryption process, you are prompted to enter the same password twice.

debian4:~# cryptsetup luksFormat /dev/sdb1

WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.

Use the cryptsetup luksOpen command to open the encrypted partition.

debian4:~# cryptsetup luksOpen /dev/sdb1 cpv1
Enter LUKS passphrase:
Key slot 0 unlocked.
Command successful.

/dev/mapper/cpv1 can now be used like a normal partition: you can create a PV or a file system on it.

debian4:~# pvcreate /dev/mapper/cpv1
  Physical volume "/dev/mapper/cpv1" successfully created

After use, run cryptsetup luksClose to close the encrypted partition; /dev/mapper/cpv1 is removed as well.

debian4:~# cryptsetup luksClose cpv1
debian4:~# ls /dev/mapper/
control  debian4-root  debian4-swap_1

Even if the hard disk containing the partition is attached to another system, the password is required to access the data in the partition. This achieves data protection.

2. Install the system on an encrypted partition or encrypted LVM

Starting with Debian 4.0, the installer offers "Guided - use entire disk and set up encrypted LVM" for partitioning. This option deletes all data on the hard disk, creates an ext3 partition of 200+ MB for /boot, and uses the remaining space for encrypted LVM.

If you want to keep the existing data, choose manual partitioning, create a partition on the physical disk, and set its use to "physical volume for encryption". If "Erase data" is set to yes, the installer first erases the data on the disk and then creates the encrypted partition. If the disk partition is large, this takes a long time.

After the encrypted partition has been set up, the "Configure encrypted volumes" option appears on the "Partition disks" screen.

Select "Configure encrypted volumes". The installer prompts for the encryption password of the encrypted partition; enter it twice to complete the setup. The encrypted partition then appears on the "Partition disks" screen and can be used like a normal partition, for example for a file system or a physical volume. If you choose to use it as "physical volume for LVM", the "Configure the Logical Volume Manager" option appears so that you can configure LVM.

After configuring the logical volume, you can install the system on the encrypted logical volume.

3. Access the data in the encrypted volume from the installation disc

After booting the installation disc in rescue or install mode, you can press Alt+F2 to open a terminal. However, the installer does not load cryptsetup, so you cannot operate on the encrypted partition. To get it loaded, select any partition on the "Partition disks" screen and set it to "physical volume for encryption"; the installer then loads cryptsetup, and you can use the cryptsetup and lvm commands in the terminal to work with the partitions.

/etc/crypttab stores the information about encrypted partitions, for example:

cpv1 /dev/hda5 none luks

If you change the encrypted partition setup on the system, for example by adding or deleting encrypted partitions, update /etc/crypttab to match and run update-initramfs to update the initrd image. Otherwise, the system may fail to start because it cannot find valid encrypted partition information.
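
A check to run on an edited crypttab before update-initramfs, as an added example that is not part of the original article. The function names, every sample entry other than the article's cpv1 line, and the rule that each entry must carry the luks option (true for volumes created with luksFormat as above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint crypttab entries before running update-initramfs.
# Assumes the four-field layout of the article's line (target, source,
# key file, options) and that every volume was created with luksFormat.

# Reads crypttab text on stdin, prints findings, returns the error count.
check_crypttab() {
    errors=0 lineno=0 seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f          # split on blanks, no globbing
        if [ $# -eq 0 ]; then continue; fi    # blank line
        case $1 in '#'*) continue ;; esac     # comment line
        if [ $# -lt 4 ]; then
            echo "line $lineno: expected 4 fields, found $#"
            errors=$((errors + 1)); continue
        fi
        case $seen in *" $1 "*)
            echo "line $lineno: mapping name '$1' is defined twice"
            errors=$((errors + 1)) ;;
        esac
        seen="$seen$1 "
        case ",$4," in *,luks,*) ;; *)
            echo "line $lineno: '$1' lacks the luks option"
            errors=$((errors + 1)) ;;
        esac
        # A key file path means the volume unlocks without a prompt.
        if [ "$3" != none ]; then
            echo "line $lineno: note: '$1' unlocks from key file $3"
        fi
    done
    return "$errors"
}

# Constructed sample: the article's entry followed by made-up ones.
sample_crypttab() {
    cat <<'EOF'
# <target> <source device> <key file> <options>
cpv1 /dev/hda5 none luks
cpv2 /dev/sdb1 none
cpv1 /dev/sdb2 none luks
cdata /dev/sdb3 /root/cdata.key luks
cpv3 /dev/sdb4 none tries=3
EOF
}

# Lint the file given as $1, or the constructed sample when run bare.
if [ $# -gt 0 ]; then check_crypttab < "$1"; else sample_crypttab | check_crypttab || true; fi
```

Run it as root against /etc/crypttab and call update-initramfs only when it reports no errors.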