dm_crypt.
dm_crypt was introdused with kernel 2.6.4 We must activate some modules to get our encryption to work:
modprobe dm_crypt
modprobe aes
Check stuff.
If you want to check that the device map exists, type:
ls -L /dev/mapper/control
To check that you have support for aes encryption:
cat /proc/crypto
name : aes
module : aes
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
To check supported units:
dmsetup targets
crypt v1.0.0
striped v1.0.1
linear v1.0.1
error v1.0.1
New drive.
First make a partition using fdisk.
Then set up a new enrypted drive (we presume /dev/hdb1 below):
cryptsetup -c aes -y create disk-aes01 /dev/hdb1
This will prompt you for a password. Choose a complex one...
Mount drive.
To setup a drive (both new drives and already formatted drives):
cryptsetup create cryptdisk01 /dev/hdb1
This will prompt you for the password.
If it's a new disk, create filesystem:
mkfs.ext3 /dev/mapper/disk-aes01
Then just mount it as usual, and start using it...
For more info, see here (in Norwegian).
|