Sunday, 27 August 2017

encrypting external drive.

Why do I feel like I've done this before and it's gone wrong? Anway. This was shamelessly copied from somewhere else on the 'net, in which place a comment was present saying trucrypt was a more secure approach. Do some searching. For now, this is a private note. 
$ sudo apt-get install cryptsetup
$ sudo fdisk /dev/sdf
d 2                        #  delete partition 2
d 1                        # delete partition 1
w                          # write changes.
sudo fdisk /dev/sdf
n    new
1    partition number
 default first sector = 2048 (not 34 as is available)
 default last sector = 15628053133

Created a new partition 1 of type 'Linux filesystem' and of size 7.3TiB
that should have been 8tB. Grrr. 
w                  write.
/dev/sdf   now present.
/dev/sdf1  now present.
sudo modprobe dm-crypt
I don't think this was needed. nice indication of disks attached: 
 lsblk
$ sudo cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random luksFormat /dev/sdf1

-v = verbose
-y = verify passphrase, ask twice, and complain if they don’t match
-c = specify the cipher used
-s = specify the key size used
-h = specify the hash used
-i = number of milliseconds to spend passphrase processing (if using anything more than sha1, must be great than 1000)
–use-random = which random number generator to use
luksFormat = to initialize the partition and set a passphrase
/dev/sdf1 = the partition to encrypt
check the configuration of the luks header: 
sudo cryptsetup luksDump /dev/sdf1
LUKS header information for /dev/sdf1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512
Payload offset: 65535
MK bits:        512Key Slot 0: ENABLED
        Iterations:             1367519
        Salt:                   xx xx xx xx xx xx
                                xx xx xx xx xx xx
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Back up the header: 
sudo cryptsetup luksHeaderBackup --header-backup-file /home/me/luksHeaderBackupFile8TB.img /dev/sdf1
open the container and mount at /dev/mapper/volume01: 
sudo cryptsetup luksOpen /dev/sdf1 volume01
create the ext4 filesystem. 
sudo mkfs.ext4 /dev/mapper/volume01
mount it 
sudo mkdir -p /mnt/drive01                       
sudo mount /dev/mapper/volume01 /mnt/drive01
unmount and close the container. 
sudo umount /mnt/drive01                          
sudo cryptsetup luksClose /dev/mapper/volume01
Latter mounting/unmounting: 
sudo cryptsetup luksOpen /dev/sdf1 volume01
sudo mount /dev/mapper/volume01 /home/ms/mnt/drive01
##DO YOUR WORK HERE##
sudo umount /home/ms/mnt/drive01
sudo cryptsetup luksClose /dev/mapper/volume01
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)