Setting up encrypted partitions using dm-crypt
All you need to know is found here http://deb.riseup.net/storage/encryption/dmcrypt/
Comments
- Stock debian 2.6 kernel works just fine
- Stock debian kernel is modular - so looking in /proc/crypto before you start won't show aes, and dmsetup targets won't show crypto
- Here - I'm adding an lvm2 partition for this (the comments at the end of the above link about lvm are about putting lvm pv's onto a crypt partition - here I have a crypt partition on top of lvm - so the comments do not apply)
- On a different machine I've used a partition on an USB external harddisk which works too (you will need to remount if you unplug the USB and replug while mounted)
- The above link has details of using loopback too
Code executed:
aptitude install dmsetup cryptsetup
lvcreate -L 1G -n crypt vg
cryptsetup -y create private /dev/mapper/vg0-crypt
mkfs -t xfs /dev/mapper/private
mkdir /mnt/private
Two new scripts (I do not want the partition automounted):
mount_private:
#!/bin/bash
if [ -b /dev/mapper/private ]; then
cryptsetup remove private
fi
cryptsetup create private /dev/mapper/vg0-crypt
mount -t xfs /dev/mapper/private /mnt/private
umount_private:
#!/bin/bash
umount /mnt/private
cryptsetup remove private