Clint Adams: Statement from the fambly of the nut
![[astronut arrested]](http://ximg.scru.org/images/asstronut_200.jpg)
lvcreate -n crypto_test --size 40g asimov-vol
apt-get install cryptsetup
Set up encryption on the partition:
This initializes the partition for encryption and sets the initial key. People not using LVM will want a path like /dev/hdxY where hdxY is the partition on their hard drive that will be used for encryption.
Important! This command will wipe out anything on that partition.
cryptsetup luksFormat /dev/mapper/asimov--vol-crypto_test
WARNING!
========
This will overwrite data on /dev/mapper/asimov--vol-crypto_test irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
Congratulations! You now have an encrypted block device! However, it’s not quite ready to use.
Open and map the device:
This opens the device (prompting for a passphrase) and maps it to a block device in /dev/mapper. This can be used like any other block device, and the encryption/decryption is transparent. The first path (/dev/mapper/asimov--vol-crypto_test) is the encrypted partition you set up earlier. The name (crypto_test) is the name of the volume; the block device will be mapped as /dev/mapper/<name>.
cryptsetup luksOpen /dev/mapper/asimov--vol-crypto_test crypto_test
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
Create the filesystem of your choice on the device:
This is just like setting up any other block device. I use ext3, others may prefer different formats.
mkfs.ext3 /dev/mapper/crypto_test
Add the definition to /etc/crypttab:
/etc/crypttab is a list of encrypted devices that are mapped on boot. The format is
<map name> <path to device> <key file> <options>
Since we’re using a passphrase, we don’t have a key file.
crypto_test /dev/mapper/asimov--vol-crypto_test none luks
Create a mount point:
This is where the encrypted device will be mounted on your filesystem.
mkdir /mnt/crypto_test
Add the device to /etc/fstab:
/etc/fstab tells the computer where to mount different devices on the filesystem. The format is described in man 5 fstab. You will want to add a line like this somewhere in this file:
/dev/mapper/crypto_test /mnt/crypto_test ext3 defaults 0 2
Update the initial ramdisk.
The initial ramdisk is used to jumpstart the boot process and load modules for the kernel that it can’t load itself (such as drivers for block devices that contain the modules it uses). I’m not sure if this is needed or not, but I wanted to be on the safe side.
update-initramfs -u -k all
Congratulations
Now your encrypted filesystem is completely set up! Reboot the system and you will see it prompt you for your passphrase during the boot cycle. Once the password has been entered, the encryption is completely transparent. If you want to use your encrypted filesystem before rebooting, simply type
mount /path/to/mountpoint
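The walkthrough above uses three related names: the LVM device path (asimov--vol-crypto_test), the map name in /etc/crypttab (crypto_test) and the /dev/mapper/crypto_test device in /etc/fstab. The script below is an added example, not part of the original post: it derives the LVM device-mapper name and reports crypttab map names that no fstab line refers to, so a mistyped name shows up before the reboot. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint crypttab/fstab naming before rebooting.

# dm_name VG LV -> name LVM registers under /dev/mapper.
# Hyphens inside the VG and LV names are doubled; one hyphen joins the two.
dm_name() {
    printf '%s-%s\n' "$(printf '%s' "$1" | sed 's/-/--/g')" \
                     "$(printf '%s' "$2" | sed 's/-/--/g')"
}

# crypttab_names FILE -> map names (field 1), ignoring comments and blank lines.
crypttab_names() {
    awk '!/^[ \t]*#/ && NF { print $1 }' "$1"
}

# unmounted_mappings CRYPTTAB FSTAB -> map names with no /dev/mapper/<name>
# device in fstab, e.g. because the fstab line has a typo in the name.
unmounted_mappings() {
    for name in $(crypttab_names "$1"); do
        awk -v dev="/dev/mapper/$name" \
            '!/^[ \t]*#/ && $1 == dev { found = 1 } END { exit !found }' "$2" \
            || printf '%s\n' "$name"
    done
}

# Constructed sample files (assumption: same names as in the walkthrough).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/crypttab" <<EOF
# <map name> <path to device> <key file> <options>
crypto_test /dev/mapper/$(dm_name asimov-vol crypto_test) none luks
EOF
printf '%s\n' '/dev/mapper/crypto_test /mnt/crypto_test ext3 defaults 0 2' \
    > "$tmp/fstab.good"
printf '%s\n' '/dev/mapper/crypto-test /mnt/crypto_test ext3 defaults 0 2' \
    > "$tmp/fstab.typo"

echo "LVM device path: /dev/mapper/$(dm_name asimov-vol crypto_test)"
echo "good fstab, unmatched: [$(unmounted_mappings "$tmp/crypttab" "$tmp/fstab.good")]"
echo "typo fstab, unmatched: [$(unmounted_mappings "$tmp/crypttab" "$tmp/fstab.typo")]"
```

On a real system, point unmounted_mappings at /etc/crypttab and /etc/fstab; a mapping that is deliberately not mounted (swap, for example) will also be listed.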
This has definitely made my day. I would like to thank my sponsor and advocate, Anibal Monsalve Salazar, the Debian Cyrus Team (especially Sven and Henrique) and especially my AM, Clément Stenac (Zorglub). I couldn’t have asked for a better AM; he answered every mail within a day as far as I remember, was extremely supportive and helpful. I remember when I sent him the last T&S response he apologized on IRC that he couldn’t write the recommendation until that evening, whereas some AMs have taken months to do it.
Dear Benjamin Seidenberg! Your account ‘benjamin’ has just been created in the central LDAP database of the Debian project. Please note that it needs a bit of time until this information is synced with all developer-accessible machines. You should be able to login or upload packages after about 30-60 minutes. The password for this account can be found appended to this message, encrypted with your GPG key. Email sent to benjamin@debian.org will be forwarded to astronut@dlgeek.net, to change this visit http://db.debian.org/forward.html.
- Removed transition dependency for cli-common on cli-common-dev. (7 month for a package rename transition should be more than enough)
However, at no point in that seven months did anyone email me or file a bug report to tell me that the name changed. This bug wasn’t caught until someone rebuilding the archive noticed.