Encrypted filesystem on Fedore Core 7
One can now create encrypted filesystems on non-root partitions. It's pretty simply to setup one. Below is an example to setup an encrypted swap partition (assuming my computer's existing swap partition is on /dev/sda5)1. Remove the partition from swap swapoff /dev/sda5
2. Create encrypted volume cryptsetup -c aes-cbc-essiv:sha256 luksFormat /dev/sda5
3. Add to /etc/crypttab
/etc/crypttab
secretswap /dev/sda1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
# 1st column is the device's name under /dev/mapper
# 2nd column is the physical device
# 3rd column is the password, in this case some random string
# 4th column are options
# 1st column is the device's name under /dev/mapper
# 2nd column is the physical device
# 3rd column is the password, in this case some random string
# 4th column are options
4. Setup the volume (device mapper) by "cryptsetup luksOpen /dev/sda5 secretswap
5. Create swap mkswap /dev/mapper/secretswap
6. Update /etc/fstab
7. Enable the swap partition swapon /dev/mapper/secretswap
8. Check the status of encrypted partition cryptsetup status volume_name
/etc/fstab
#LABEL=SWAP-hdc5 swap swap defaults 0 0
/dev/mapper/secretswap swap swap defaults 0 0
/dev/mapper/secretswap swap swap defaults 0 0
The /etc/volume_key file contains a plaintext encryption key. You can also specify none as the key file name, and the system instead asks for the encryption key during boot.
There are no comments on this page. [Add comment]