CentOS – where is my key – [auto]mount encrypted volumes

LUKS is the standard on-disk format for block-device encryption on Linux; cryptsetup is its reference implementation and dm-crypt, the kernel's device-mapper target, does the actual encryption. Under Microsoft Windows, LUKS-encrypted disks can be opened with LibreCrypt. Disk encryption is always a good idea but sometimes onerous. We will try to make it a little simpler.

Directory services are already running on the server, so it is time to add disk storage. We have an encrypted system disk and multiple data disks. The idea is: after we unlock the system disk at boot, the operating system unlocks and mounts the other encrypted devices for us. Let's start.

1. find your disk

fdisk -l

2. format and encrypt it – this operation will overwrite the data!

cryptsetup luksFormat /dev/sdb
WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:

3. open and map the partition

cryptsetup luksOpen /dev/sdb storage

4. generate and store the key for automount

dd if=/dev/urandom of=/root/keySDB bs=2048 count=4
4+0 records in 
4+0 records out
4096 bytes (4.1 kB) copied, 0.000295845 s, 13.8 MB/s

5. restrict permissions – the key file must be readable by root only

chmod 0400 /root/keySDB

6. associate the key file with the encrypted device – you will be asked for the passphrase from step 2, and the key file goes into a free key slot, so either the passphrase or the file unlocks the disk

cryptsetup luksAddKey /dev/sdb /root/keySDB

7. create the filesystem – this operation will overwrite the data!

mkfs.ext4 /dev/mapper/storage

8. create the mountpoint

mkdir /storage

9. add information about encrypted device

vi /etc/fstab
/dev/mapper/storage /storage ext4 defaults 1 2

10. automount

The key file lives under /root on the encrypted system disk, so it only becomes readable once that disk has been unlocked at boot; never store it on an unencrypted partition, or the encryption on /dev/sdb protects nothing.

vi /etc/crypttab
storage /dev/sdb /root/keySDB luks

11. mount

mount -a
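Steps 4 to 11 above wrapped into a script, as an added example that is not part of the original post. It adds the checks you want before rebooting a server with several crypttab entries: the key file must not be readable by group or other, and every mapping that crypttab opens must actually be mounted by fstab. The device name, mapper name and paths are the placeholders from the post; `setup_volume` needs root and a real block device and is only invoked when you pass arguments, while `demo` runs the same entry builders and checks in a temporary directory without root.

```shell
#!/bin/bash
# Added example, not code from the original post. Assumes GNU coreutils
# (stat -c) and cryptsetup as found on CentOS; /dev/sdb, "storage",
# /root/keySDB and /storage are the placeholders used in the post.
set -eu

# Steps 4+5: 4096 random bytes, never world-readable even for an instant
# (umask 077 closes the window between creation and chmod).
make_keyfile() {
    path=$1
    ( umask 077 && dd if=/dev/urandom of="$path" bs=512 count=8 2>/dev/null )
    chmod 0400 "$path"
}

# Refuse a key file with any group/other permission bits or that is too short.
check_keyfile() {
    path=$1
    [ -f "$path" ] || { echo "missing key file $path" >&2; return 1; }
    mode=$(stat -c '%a' "$path")
    size=$(stat -c '%s' "$path")
    case "$mode" in
        *00) ;;
        *) echo "$path is readable by others (mode $mode)" >&2; return 1 ;;
    esac
    [ "$size" -ge 256 ] || { echo "$path is too short ($size bytes)" >&2; return 1; }
}

# Steps 9+10: the /etc/crypttab and /etc/fstab lines. The device column can be
# /dev/sdb as in the post or UUID=... (cryptsetup luksUUID prints it), which
# survives disks being renumbered after a hardware change.
crypttab_entry() { printf '%s %s %s luks\n' "$1" "$2" "$3"; }            # name device keyfile
fstab_entry()    { printf '/dev/mapper/%s %s ext4 defaults 1 2\n' "$1" "$2"; }  # name mountpoint

# Cross-check: each crypttab mapping has a usable key file and is mounted by
# fstab. A failing key file means systemd falls back to a passphrase prompt
# on the console, i.e. an unattended reboot stalls.
check_tabs() {
    crypttab=$1; fstab=$2; ok=0
    while read -r name dev key rest; do
        case "$name" in ''|\#*) continue ;; esac
        if [ "$key" = "none" ] || [ "$key" = "-" ]; then
            echo "$name: no key file, will prompt at boot" >&2; ok=1; continue
        fi
        check_keyfile "$key" || ok=1
        grep -Eq "^[[:space:]]*/dev/mapper/$name[[:space:]]" "$fstab" \
            || { echo "$name: opened by crypttab but never mounted by fstab" >&2; ok=1; }
    done < "$crypttab"
    return $ok
}

# Steps 2-8 and 11: needs root and DESTROYS everything on $dev.
# Usage: ./script.sh /dev/sdb storage /root/keySDB /storage
setup_volume() {
    dev=$1; name=$2; key=$3; mnt=$4
    cryptsetup luksFormat "$dev"               # asks for the new passphrase
    cryptsetup luksOpen "$dev" "$name"
    make_keyfile "$key"
    cryptsetup luksAddKey "$dev" "$key"        # asks for the passphrase again
    mkfs.ext4 "/dev/mapper/$name"
    mkdir -p "$mnt"
    crypttab_entry "$name" "UUID=$(cryptsetup luksUUID "$dev")" "$key" >> /etc/crypttab
    fstab_entry "$name" "$mnt" >> /etc/fstab
    check_tabs /etc/crypttab /etc/fstab
    mount -a
}

# Dry run without root: build the entries in a temp dir and run the checks.
demo() {
    tmp=$(mktemp -d)
    make_keyfile "$tmp/keySDB"
    crypttab_entry storage /dev/sdb "$tmp/keySDB" > "$tmp/crypttab"
    fstab_entry storage /storage > "$tmp/fstab"
    check_tabs "$tmp/crypttab" "$tmp/fstab" && echo "crypttab/fstab consistent"
    rm -rf "$tmp"
}

if [ $# -eq 4 ]; then setup_volume "$@"; else demo; fi
```

After `luksAddKey`, `cryptsetup luksDump /dev/sdb` should show two enabled key slots, one for the passphrase and one for the file; if you ever need to revoke the file, `cryptsetup luksRemoveKey /dev/sdb /root/keySDB` removes only that slot and the passphrase keeps working.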

Documentation:
RHEL Encryption
