Difference between revisions of "Luks Disk Encryption"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) (Created page with "Previously I had found a really good article going over the options, but have since lost it and I failed to record it here. Instead I have very basic instructions to work off...") |
Michael.mast (talk | contribs) |
||
| Line 1: | Line 1: | ||
Previously I had found a really good article going over the options, but have since lost it and I failed to record it here. Instead I have very basic instructions to work off of, though they are good enough for general use.<ref>https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption</ref> | Previously I had found a really good article going over the options, but have since lost it and I failed to record it here. Instead I have very basic instructions to work off of, though they are good enough for general use.<ref>https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption</ref> | ||
| + | ==Basic Setup== | ||
| + | Using the standard options to get up and running quickly. This is more to prevent most people from accessing the data, but will not be sufficient to a determined attacker. | ||
| + | *In this example I will encrypt a large drive used for temporary backups. It will be auto-mounted with the OS at boot as the encryption is simply to make it easier to dispose of the drive if it fails. | ||
| + | <pre> | ||
| + | [ michael-ws Mon Jul 23 cert ] $ sudo cryptsetup luksFormat -v /dev/sdb | ||
| + | |||
| + | WARNING! | ||
| + | ======== | ||
| + | This will overwrite data on /dev/sdb irrevocably. | ||
| + | |||
| + | Are you sure? (Type uppercase yes): YES | ||
| + | Enter passphrase for /dev/sdb: | ||
| + | Verify passphrase: | ||
| + | Command successful. | ||
| + | |||
| + | [ michael-ws Mon Jul 23 cert ] $ cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 128 | head -n 1 | ||
| + | </pre> | ||
| + | |||
==Some GTP stuff== | ==Some GTP stuff== | ||
<ref>https://www.linux.com/learn/using-new-guid-partition-table-linux-goodbye-ancient-mbr</ref> | <ref>https://www.linux.com/learn/using-new-guid-partition-table-linux-goodbye-ancient-mbr</ref> | ||
Revision as of 07:04, 23 July 2018
Previously I had found a really good article going over the options, but have since lost it and I failed to record it here. Instead I have very basic instructions to work off of, though they are good enough for general use.[1]
Basic Setup
Using the standard options to get up and running quickly. This is more to prevent most people from accessing the data, but will not be sufficient to a determined attacker.
- In this example I will encrypt a large drive used for temporary backups. It will be auto-mounted with the OS at boot as the encryption is simply to make it easier to dispose of the drive if it fails.
[ michael-ws Mon Jul 23 cert ] $ sudo cryptsetup luksFormat -v /dev/sdb WARNING! ======== This will overwrite data on /dev/sdb irrevocably. Are you sure? (Type uppercase yes): YES Enter passphrase for /dev/sdb: Verify passphrase: Command successful. [ michael-ws Mon Jul 23 cert ] $ cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 128 | head -n 1
