How-To: Create Encrypted Partition with Key File
by dervish on Feb.05, 2009, under Hacker
Make sure kernel modules are present:
Create a 256 bit key file containing random data:
dd if=/dev/random of=/etc/key bs=1 count=256
chown root:root /etc/key
chmod 600 /etc/key
cryptsetup –verbose -c aes-cbc-essiv:sha256 luksFormat /dev/sdb1 /etc/key
answer “YES” if you would like to overwrite data on /dev/sdb1 irrevocably
Create device mapping in /dev/mapper:
cryptsetup –key-file /etc/key luksOpen /dev/sdb1 sftpusers
Add partition to /etc/fstab:
/dev/mapper/sftpusers /sftpusers ext3 defaults 0 0
Create/update /etc/crypttab with device info:
sftpusers /dev/sdb1 /etc/key
Reboot to verify that volume is mounted automatically. This configuration has been tested on Red Hat Enterprise Linux 5.
Done in order to satisfy a PCI compliance issue with VMware volume files. Files should be encrypted when not in use. Of course, this only ensures an encrypted virtual disk file at the ESX file system level. Credit card data inside the virtual drive still needs to be encrypted so that it is not accessible when the system is live.
Note: Exclude the key parts if you want an encrypted partion with prompt for password at boot.
Leave a Reply
You must be logged in to post a comment.