What is LUKS
Data safety is a top concern everywhere, whether in a corporate environment, for confidential information, or in a regular home setup. LUKS (Linux Unified Key Setup) is an encryption method that works at the block device level. The data is decrypted by supplying the passphrase that was chosen when the device was set up.
Install LUKS (cryptsetup)
LUKS uses the cryptsetup package to encrypt block devices. To install it on Fedora or Red Hat, use the syntax below.
Syntax
dnf install cryptsetup
Setting up or configuring LUKS partition
The block device must be formatted with the cryptsetup command, which formats and encrypts it as a LUKS device. luksFormat overwrites the device, so any data already on it is lost.
Syntax
cryptsetup luksFormat /dev/xdaXX
Example
cryptsetup luksFormat /dev/sdb1
When you run this command you are asked to confirm by typing “YES” (in capitals). The command initializes the volume and asks you to enter a LUKS passphrase. Do not forget the passphrase once it is set, because it is not recoverable. The next step creates a mapping for the volume.
Initialize LUKS partition
In this step the partition is opened, and opening it asks for the passphrase. Provide the name under which you want the partition to be mapped.
Syntax
cryptsetup open /dev/xdaXX [name_of_partition]
Example
cryptsetup open /dev/sdb1 infojinx
Once the partition is mapped, it is available for use as a regular partition. Now format this partition with a filesystem.
Syntax
mkfs.ext4 /dev/mapper/[name_of_partition]
Example
mkfs.ext4 /dev/mapper/infojinx
Note: To access an encrypted device, use the path to its mapped name rather than accessing the device directly.
Mounting of LUKS partition
An opened LUKS partition is accessed by mounting its mapped name on a mount point
Syntax
mount /dev/mapper/[name_of_partition] /[mount_point]
Example
mount /dev/mapper/infojinx /infojinx
Unmounting of LUKS partition
To unmount a LUKS partition, use the umount command
Syntax
umount /dev/mapper/[name_of_partition]
Add entry for LUKS partition to fstab
Adding an entry for the LUKS partition to fstab enables mounting the partition at boot time.
Add the line below to the /etc/fstab file
/dev/mapper/[name_of_partition] /[mount_point] ext4 defaults 0 0
Example
/dev/mapper/infojinx /infojinx ext4 defaults 0 0
Next, add an entry to the /etc/crypttab file
[name_of_luks_partition] [path_of_partition] none
Here none means that no key file is in use for now.
Example
infojinx /dev/sdb1 none
Now, at boot time, the system will pause to ask for the passphrase of the LUKS partition.
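A check for the fstab and crypttab entries described above, as an added example that is not part of the original page: it reports /dev/mapper mounts in fstab that have no matching crypttab name, crypttab entries that point at a kernel device name such as /dev/sdb1 instead of a UUID, and entries without a key file. The function name, the message wording and the "backup" mount in the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: cross-check fstab against crypttab before rebooting.
# Usage: check_luks_boot FSTAB CRYPTTAB   (exit status 1 if any ERROR)
check_luks_boot() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        # crypttab (first file): name, device, key file, options
        FILENAME == ARGV[1] {
            seen[$1] = 1
            if ($2 ~ /^\/dev\/(sd|hd|vd|nvme)/)
                print "WARN " $1 ": " $2 " can be renamed between boots, UUID=... is stable"
            if ($3 == "" || $3 == "none" || $3 == "-")
                print "INFO " $1 ": no key file, boot will stop for the passphrase"
            next
        }
        # fstab (second file): every /dev/mapper/<name> needs a crypttab entry
        $1 ~ /^\/dev\/mapper\// {
            name = substr($1, 13)                # strip "/dev/mapper/"
            if (!(name in seen)) {
                print "ERROR " $1 ": no crypttab entry named " name
                errors++
            }
        }
        END { exit (errors > 0) }
    ' "$2" "$1"
}

# Constructed sample files: the entries from the text above, plus one
# hypothetical mount ("backup") that has no crypttab entry.
demo=$(mktemp -d)
printf '%s\n' 'infojinx /dev/sdb1 none' > "$demo/crypttab"
printf '%s\n' '/dev/mapper/infojinx /infojinx ext4 defaults 0 0' \
              '/dev/mapper/backup /backup ext4 defaults 0 0' > "$demo/fstab"
check_luks_boot "$demo/fstab" "$demo/crypttab" || echo "fix ERROR lines before rebooting"
```

LVM logical volumes also appear under /dev/mapper, so an ERROR for one of those is expected and can be ignored. On a real system the call is check_luks_boot /etc/fstab /etc/crypttab.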