Welcome to Linux Forums! With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.
Find the answer to your Linux question:
Site Navigation
Linux Forums
Linux Articles
Product Showcase
Linux Downloads
Linux Hosting
Free Magazines
Job Board
IRC Chat
RSS Feeds
Free Publications


In these days data is more important especially if its a laptop. Where in we store variety of data either it be personal or office. so I have created this article where we can safely store the data securely. I will be explaining the procedure for it.

Once you have a nice new empty partition, you'll encrypt it with the cryptsetup command. Be very sure you are encrypting the correct partition:

# cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda2

WARNING!
========
This will overwrite data on /dev/sda2 unrecoverable.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.

This creates the encrypted partition. Now you need to create and name a mountable logical partition. In this example, it is named sda2, which could be test or fred or mysecretpartition, or anything you want:

# cryptsetup luksOpen /dev/sda2 sda2
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

This should show as a block device in /dev/mapper:

$ ls -l /dev/mapper
total 0
crw-rw---- 1 root root 10, 63 2007-06-09 18:38 control
brw-rw---- 1 root disk 254, 0 2007-06-09 19:46 sda2

Now put a filesystem on the logical partition:

# mkfs.ext3 /dev/mapper/sda2

Now you
need to make a mount point so you can mount and use this nice new encrypted partition. Remember, you must use the device name is from /dev/mapper/. I'll put it in my home directory. Watch for operations that require rootly powers:

$ mkdir /home/me/crypted
# mount /dev/mapper/sda1 /home/me/crypted

Confirm that it mounted, and write a test file:

# df -H

[...]
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/sda2 7.9G 152M 7.3G 3% /home/carla/crypted


# cd /home/me/crypted
# nano test
# ls
lost+found test

So far so good! But there is one big problem: only root can access this partition. We need our ordinary user to be able to use it. This virtual partition can be managed in /etc/fstab, just like any other partition. So add a line to /etc/fstab to allow an unprivileged user to mount and unmount the partition:

/dev/mapper/sda2 /home/carla/crypted ext3 user,atime,noauto,rw,dev,exec,suid 0 0

Now Carla can mount it herself:

$ mount ~/crypted

But Carla still cannot write to it. For this we need rootly powers one more time, to put the correct ownership and permissions on the mounted block device:

# chown carla:carla /home/carla/crypted/
# chmod 0700 /home/carla/crypted/

Ok then, that's a lot of Carlas! But now Carla has her own encrypted directory to read and write to just like any other directory in her
home directory, and no one else can touch it.

You may unmount and shut off the encrypted partition manually like this:

$ umount crypted

# cryptsetup luksClose sda2

You'll need your LUKS password only when you open the encrypted device. Remember, if you lose this password you are toast. You may delete the partition and start over, but your data are unrecoverable. Once the encrypted device is open and mounted, you may use it like any other partition.

You need root powers to run cryptsetup. This is probably not ideal for your users. There are a number of different ways to handle this. One is to use sudo; *buntu users are already set up with an all-powerful sudo. Another option is to configure it to start up at boot, and close at shutdown. Or you might want to create some nice desktop icons so your users can start it up and shut it down easily on demand.

We'll learn how to do these things next week, plus we'll learn how to encrypt USB keys, and how to set up a failsafe for a lost passphrase.

Rate This Article: poorexcellent
 
Comments about this article

Comment title: * please do not put your response text here