Documente Academic
Documente Profesional
Documente Cultură
You can use the following command to see the status for the mapping:
# cryptsetup -v status backup2
Sample outputs:
/dev/mapper/backup2 is active.
type:
LUKS1
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/xvdc
offset: 4096 sectors
size:
419426304 sectors
mode:
read/write
Command successful.
You can dump LUKS headers using the following command:
# cryptsetup luksDump /dev/xvdc
Step #3: Format LUKS partition
First, you need to write zeros to /dev/mapper/backup2 encrypted device. This wil
l allocate block data with zeros. This ensures that outside world will see this
as random data i.e. it protect against disclosure of usage patterns:
# dd if=/dev/zero of=/dev/mapper/backup2
The dd command may take many hours to complete. I suggest that you use pv comman
d to monitor the progress:
# pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M
To create a filesystem i.e. format filesystem, enter:
# mkfs.ext4 /dev/mapper/backup2
To mount the new filesystem at /backup2, enter:
# mkdir /backup2
# mount /dev/mapper/backup2 /backup2
# df -H
# cd /backup2
# ls -l
How do I unmount and secure data?
Type the following commands:
# umount /backup2
# cryptsetup luksClose backup2
How do I mount or remount encrypted partition?
Type the following command:
# cryptsetup luksOpen /dev/xvdc backup2
# mount /dev/mapper/backup2 /backup2
# df -H
# mount
See shell script wrapper that opens LUKS partition and sets up a mapping for nas
devices.
Can I run fsck on LUKS based partition / LVM volume?
Yes, you can use the fsck command On LUKS based systems:
# umount /backup2
# fsck -vy /dev/mapper/backup2
# mount /dev/mapper/backup2 /backu2
See how to run fsck On LUKS (dm-crypt) based LVM physical volume for more detail
s.
How do I change LUKS passphrase (password) for encrypted partition?
Type the following command
### see key slots, max -8 i.e. max 8 passwords can be setup for each device ####
# cryptsetup luksDump /dev/xvdc
# cryptsetup luksAddKey /dev/xvdc
Enter any passphrase:
Enter new passphrase for key slot:
Verify passphrase:
Remove or delete the old password:
# cryptsetup luksRemoveKey /dev/xvdc
Please note that you need to enter the old password / passphrase.