Encrypt a filesystem
Anyone being able to access your lesystem and data without your knowledge destroys your privacy and is a threat to con dentiality. So, we need a method by which both can be secured. One solution is to encrypt the lesystem and enable data privacy. To do this, follow the steps shown below: 1. Create a new partition with fdisk. 2. Run the command given below before mounting the device:
# cryptsetup luksformat /dev/sdan
…where N is the number assigned to your partition. Press Enter to proceed. WARNING! ======== This will overwrite data on /dev/sbd1 irrevocably. Are you sure? (Type uppercase yes):
Now type ‘YES’. Enter LUKS passphrase: Verify passphrase: Enter the pass phrase and press Enter to complete. If you try the above on a mounted device, you will get an error as shown below. So do remember to unmount the device before attempting the steps mentioned above.
Cannot format device /dev/sda9 which is still in use.
3. Now, type in the following command:
# cryptsetup luksopen /dev/sdan name Here, name is the mapping name for the device. The above command unlocks the encrypted volume / dev/sdan as /dev/mapper/name after you enter the correct decryption password.
4. Create an ext4 lesystem on the decrypted volume by issuing the following command:
# mkfs -t ext4 /dev/mapper/name
5. Create the directory mount point and mount the lesystem using the following command:
# mkdir /secret #mount /dev/mapper/name /secret
following command: # cryptsetup luksclose name
It will lock the encrypted volume, which can then only be reused by giving the password and mounting the volume.
— Debasish Mirdha, debasish[email protected]