cryptsetup-luks on fedora: step 5, 6

Step 5: Initialize a LUKS partition and set the initial key

This step establishes the mapping between physical partitions and logical partitions.

In this HOWTO, our physical partition will actually be a logical volume. By default, when installing Fedora Core 5, a volume group and logical volumes within the volume group are created. The volume group is called VolGroup00, and the logical volumes are called LogVol00, LogVol01, etc., for each of the partitions. However, in this HOWTO, our volume group will be called vg0, and our logical volume that will eventually get mounted to /home will be called home. So, the full path of the physical partition that will be mounted on /home (when we are done) is /dev/vg0/home. (Your device path will likely be different, but you need to identify the device that is currently mounted to /home.)

With that said, let's use the following command to initialize a LUKS partition and set the initial key using a passphrase (note, this will wipe out all data on the /home partition):

# cryptsetup --verbose --verify-passphrase luksFormat /dev/vg0/home

WARNING!
========
This will overwrite data on /dev/vg0/home irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: (enter your passphrase, and write it down somewhere!)
Verify passphrase: (repeat passphrase)

Step 6: Create a mapping between physical and logical partitions

# cryptsetup luksOpen /dev/vg0/home home
Enter LUKS passphrase:
#

If all is well, you now have a special file called /dev/mapper/home. This is what you will mount on /home. Verify that the file was created:

# ls -l /dev/mapper/

total 0
crw------- 1 root root 10, 63 May 24 06:52 control
brw-rw---- 1 root disk 253, 4 May 24 10:54 home
brw-rw---- 1 root disk 253, 1 May 24 06:52 vg0-home
brw-rw---- 1 root disk 253, 0 May 24 10:53 vg0-root
brw-rw---- 1 root disk 253, 2 May 24 06:52 vg0-swap

Notice the other logical volumes (vg0-home, vg0-root, and vg0-swap) that were created when Fedora Core 5 was installed. (Note, the names of these volumes were changed by me during the installation. They were originally VolGroup00-LogVol00, VolGroup00-LogVol01, etc.) The fact that you are using logical volumes (like /dev/vg0/home) as physical devices can be confusing. It may help to remember that when we refer to physical devices we use devices located in the volume group directory (example: /dev/vg0), and when we refer to logical devices we use devices located in /dev/mapper (i.e., they have been mapped and are ready to use). (Okay, yes, it's confusing that the physical devices in /dev/vg0 are also listed as logical devices in /dev/mapper. Try to ignore them.)
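
Because luksFormat in Step 5 is irreversible and the same logical volume appears under two names (/dev/vg0/home and /dev/mapper/vg0-home), a pre-flight check is worth running first. The script below is an added example, not part of the original HOWTO; the function names and the sample mount table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to luksFormat a logical volume that is still mounted.

# Device-mapper name for VG/LV. LVM doubles any "-" inside a name,
# so vg0/home -> vg0-home and my-vg/home -> my--vg-home.
lvm_mapper_name() {
    vg=$(printf '%s' "$1" | sed 's/-/--/g')
    lv=$(printf '%s' "$2" | sed 's/-/--/g')
    printf '%s-%s\n' "$vg" "$lv"
}

# Print the mount point(s) of VG/LV, matching both device names.
# $3 is a file in /proc/mounts format (default: /proc/mounts).
mounted_at() {
    awk -v a="/dev/$1/$2" -v b="/dev/mapper/$(lvm_mapper_name "$1" "$2")" \
        '$1 == a || $1 == b { print $2; found = 1 } END { exit !found }' \
        "${3:-/proc/mounts}"
}

# Return 0 only if VG/LV is unmounted and holds no LUKS header yet.
safe_to_format() {
    dev="/dev/$1/$2"
    if mp=$(mounted_at "$@"); then
        echo "refusing: $dev is mounted on $mp" >&2
        return 1
    fi
    if [ -b "$dev" ] && cryptsetup isLuks "$dev" 2>/dev/null; then
        echo "refusing: $dev already has a LUKS header" >&2
        return 1
    fi
    return 0
}

# Constructed sample in /proc/mounts format (not taken from the page).
sample_mounts() {
    cat <<'EOF'
/dev/mapper/vg0-root / ext3 rw 0 0
/dev/mapper/vg0-home /home ext3 rw 0 0
EOF
}

# Demo on the sample; on a real system drop the third argument.
demo=$(mktemp) && sample_mounts > "$demo"
safe_to_format vg0 home "$demo" || echo "unmount /home before running luksFormat"
safe_to_format vg0 swap "$demo" && echo "vg0/swap is not mounted in the sample"
rm -f "$demo"
```

On a live system, `safe_to_format vg0 home && cryptsetup --verbose --verify-passphrase luksFormat /dev/vg0/home` runs the format only when the check passes.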