{"id":65,"date":"2007-02-26T21:21:34","date_gmt":"2007-02-27T05:21:34","guid":{"rendered":"http:\/\/jaredrobinson.com\/blog\/?p=65"},"modified":"2007-02-26T21:21:34","modified_gmt":"2007-02-27T05:21:34","slug":"fedora-core-6-disk-encryption","status":"publish","type":"post","link":"https:\/\/jaredrobinson.com\/blog\/fedora-core-6-disk-encryption\/","title":{"rendered":"Fedora Core 6 Disk Encryption"},"content":{"rendered":"<p>\nHere&#8217;s how to set up an encrypted disk and swap partition on Fedora 6. Refer to <a href=\"http:\/\/www.redhatmagazine.com\/2007\/01\/18\/disk-encryption-in-fedora-past-present-and-future\">Disk encryption in Fedora: Past, present and future<\/a> for more information. For RedHat (RHEL 4) or CentOS 4, refer to <a href=\"http:\/\/wiki.centos.org\/TipsAndTricks\/EncryptedFilesystem\">http:\/\/wiki.centos.org\/TipsAndTricks\/EncryptedFilesystem<\/a>.\n<\/p>\n<p>Warning: I have no idea how to set up encrypted disks in combination with LVM. I tend to shy away from LVM because it&#8217;s yet another layer of abstraction, making it difficult to recover a broken system. However, the following links may be of help: <a href=\"http:\/\/www.saout.de\/tikiwiki\/tiki-index.php?page=EncryptHomeDirUsingLUKS\">[1]<\/a>, <a href=\"http:\/\/www.saout.de\/tikiwiki\/tiki-index.php?page=EncryptHomeDirUsingLUKS\">[2]<\/a>.<\/p>\n<p>In these examples, I&#8217;m encrypting the \/home partition located on partition \/dev\/sda5, and the swap partition located on \/dev\/sda3. The partitions will be different on your system.<\/p>\n<p><strong>Create and Format Encrypted Disk<\/strong>\n<\/p>\n<p>Before you start, you may want to obliterate the partition that will hold the encypted file system:<\/p>\n<blockquote>\n<pre>$ shred \/dev\/sda5<\/pre>\n<\/blockquote>\n<p>Setup the crypt disk:<\/p>\n<blockquote>\n<pre>\n$ cryptsetup -y --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat\n\/dev\/sda5\n  # You must type \"YES\" to proceed\n  # It will prompt you for a passphrase twice\n$ cryptsetup luksOpen \/dev\/sda5 home\n$ mkfs.ext3 -L \/home \/dev\/mapper\/home\n$ cryptsetup luksClose home\n<\/pre>\n<\/blockquote>\n<p><strong>Create \/etc\/crypttab<\/strong>\n<\/p>\n<p>Create the \/etc\/crypttab file. It should be formatted as follows:<\/p>\n<blockquote>\n<pre>swap    \/dev\/sda3       \/dev\/urandom swap,cipher=aes-cbc-essiv:sha256\nhome    \/dev\/sda5       none    luks\n<\/pre>\n<\/blockquote>\n<p><strong>Edit \/etc\/fstab<\/strong>\n<\/p>\n<blockquote>\n<pre>\n\/dev\/mapper\/home        \/home                   ext3    defaults 2 1\n\/dev\/mapper\/swap        swap                    swap    defaults 0 0\n<\/pre>\n<\/blockquote>\n<p>\nWhenever you boot the system, it will prompt you for your passphrase for the \/home partition.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here&#8217;s how to set up an encrypted disk and swap partition on Fedora 6. Refer to Disk encryption in Fedora: Past, present and future for more information. For RedHat (RHEL 4) or CentOS 4, refer to http:\/\/wiki.centos.org\/TipsAndTricks\/EncryptedFilesystem. Warning: I have no idea how to set up encrypted disks in combination with LVM. I tend to &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/jaredrobinson.com\/blog\/fedora-core-6-disk-encryption\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Fedora Core 6 Disk Encryption&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,9,17],"tags":[],"class_list":["post-65","post","type-post","status-publish","format-standard","hentry","category-fedora","category-linux","category-tech"],"_links":{"self":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts\/65","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/comments?post=65"}],"version-history":[{"count":0,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts\/65\/revisions"}],"wp:attachment":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/media?parent=65"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/categories?post=65"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/tags?post=65"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}