Encrypting devices with dm-crypt

Steps to create LVM

Assuming /dev/sda4 partition available to create LVM

1) create physical volume:
# pvcreate -ff /dev/sda4

2) create a volume group
# vgcreate VolumeGroup /dev/sda4

3) create lvm
# lvcreate –size 1G -n mylvm VolumeGroup

fdisk -l will show /dev/mapper/VolumeGroup-mylvm device created.

Encrypt /dev/mapper/VolumeGroup-mylvm with dm-crypt

1) Load modules and install cryptsetup
# modprobe dm-crypt
# modprobe dm-mod
# apt-get install cryptsetup-bin

2) Create key file
# dd if=/dev/urandom of=mykeyfile bs=1k count=2

3) Encrypt lvm with key
# cryptsetup luksFormat –key-file=mykeyfile /dev/mapper/VolumeGroup-mylvm

4) Open lvm
# cryptsetup luksOpen –key-file=mykeyfile /dev/mapper/VolumeGroup-mylvm crypt-dev
It will create new mapper device /dev/mapper/crypt-dev

5) Format it with mkfs, mount it and create file
# mkfs.ext4 /dev/mapper/crypt-dev
# mount /dev/mapper/crypt-dev /mnt
# touch /mnt/file1

6) Close device
# umount /mnt
# cryptsetup luksClose crypt-dev

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s