DM-Crypt - Encrypted Partition Creation

Notes by Jim Cota

Last updated January 01 2007

Rito with Asus Z63A

These notes are based on an article published in DistroWatch Weekly. After hasseling for days trying to get TrueCrypt running on my Fedora 5 laptop, I tried these simple steps and had an existing spare partition encrypted in minutes.

A new partion is required DM-Crypt. Disk partitioning is not in the scope of this example. For this example we'll use /dev/sda8.

To create a mapper device for /dev/sda8, which we will call crypt in this example.

# cryptsetup -y create crypt /dev/sda8

You will be prompted to enter a passphrase and then verify it.

Now list the devices:

# dmsetup ls

Output should be similar to:

	crypt	(253, 0)

Now create a filesystem using ext2

# mke2fs /dev/mapper/crypt

This is an example of typical output:

	Filesystem label=
	OS type: Linux
	Block size=4096 (log=2)
	Fragment size=4096 (log=2)
	570080 inodes, 1138606 blocks
	56930 blocks (5.00%) reserved for the super user
	First data block=0
	Maximum filesystem blocks=1166016512
	35 block groups
	32768 blocks per group, 32768 fragments per group
	16288 inodes per group
	Superblock backups stored on blocks: 
	        32768, 98304, 163840, 229376, 294912, 819200, 884736

	Writing inode tables: done                            
	Writing superblocks and filesystem accounting information: done

	This filesystem will be automatically checked every 32 mounts or
	180 days, whichever comes first.  Use tune2fs -c or -i to override.

Then mount the device. Any name and location can be chosen for the mount point. Here we will use /priv for our example mount point.

# mkdir /priv
# mount /dev/mapper/crypt /priv

List the contents of the /priv directory and it should contain:

	lost+found

Now the encrypted directory is mounted and ready for use.

To unmount the device, follow these steps:

# umount /priv
# cryptsetup remove crypt

To remount the device:

# cryptsetup -y create crypt /dev/sda8

Enter the correct passphrase, then mount the device.

Now mount the device

# mount /dev/mapper/crypt /priv

Now your encrypted partition is accessible

back to top

Back to GNU/Linux