Help:"Protecting Data w/ Encrypted Linux Partitions"

**nujinini** · 03-02-2010

Hi!

I was trying to follow the tutorial on "Protecting Data with Encrypted Linux Partitions" by Kashyap.

After I moved all my data temporarily and have started, I encountered this...

Code:

[jun@localhost ~]$ su -
Password: 
[root@localhost ~]# cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda8

WARNING!
========
This will overwrite data on /dev/sda8 irrevocably.

Are you sure? (Type uppercase yes): YES
Command failed: Can not access device

So I thought it was a problem in having the /dev/sda8 partition mounted so I executed this. Still got the same error. Can somebody please teach me what am I suppose to do please? Thanks!

Code:

[root@localhost ~]# mount /dev/sda8 /media/sda8
[root@localhost ~]# cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda8

WARNING!
========
This will overwrite data on /dev/sda8 irrevocably.

Are you sure? (Type uppercase yes): YES
Command failed: Can not access device
[root@localhost ~]#

**devils casper** · 03-03-2010

Mount /dev/sda8 and execute df -h command. Does it list /dev/sda8 in the output?
You are using Ubuntu. Right?

**nujinini** · 03-03-2010

Originally Posted by devils casper

Mount /dev/sda8 and execute df -h command. Does it list /dev/sda8 in the output?
You are using Ubuntu. Right?

Hi!

Code:

[jun@localhost ~]$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda5              11G  9.1G  1.1G  90% /
tmpfs                 1.5G  256K  1.5G   1% /dev/shm
/dev/sda7              34G   28G  5.1G  85% /media/Mint 7
/dev/sda3             106G   81G   26G  77% /media/Storage Bin (A)
/dev/sda6              11G  3.5G  6.1G  37% /media/Ubuntu 9.10
/dev/sda1              15G   14G  940M  94% /media/XP Windows :(
/dev/sda8              51G  180M   48G   1% /media/Storage Bin (B)_
[jun@localhost ~]$

I was on my Fedora 10 when I tried to follow Kashyap's tutorial. I can do it in my Ubuntu 9.10 if it would make a difference. Or MInt 7.

The above output is from my Fedora terminal which automatically mounts all partitions.

**devils casper** · 03-03-2010

It should work in all distros.
Unmount partition using umount command and execute cryptsetup command again.

Make sure to gain root privileges through su - instead of su.

Code:

su -
umount /dev/sda8
cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda8

**nujinini** · 03-03-2010

Bingo!

Code:

[jun@localhost ~]$ su -
Password: 
[root@localhost ~]# umount /dev/sda8
[root@localhost ~]# cryptsetup --verbose --verify-passphrase -c aes-cbc-plain luksFormat /dev/sda8

WARNING!
========
This will overwrite data on /dev/sda8 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 
Command successful.
[root@localhost ~]#

Tutorial Output says.

Code:

# cryptsetup luksOpen /dev/sda2 sda2
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

My output is different though:

Code:

[jun@localhost ~]$ su -
Password: 
[root@localhost ~]# # cryptsetup luksOpen /dev/sda8 sda8
[root@localhost ~]#

I wonder why

Now to continue....

**nujinini** · 03-03-2010

I think I'm getting warmer...

Code:

[jun@localhost ~]$ su -
Password: 
[root@localhost ~]# cryptsetup luksOpen /dev/sda8 /sda8
Enter LUKS passphrase for /dev/sda8: 
key slot 0 unlocked.
Command failed: dm_task_set_name: Device /sda8 not found
[root@localhost ~]#

Got it!

Code:

[jun@localhost ~]$ su -
Password: 
[root@localhost ~]# cryptsetup luksOpen /dev/sda8 sda8
Enter LUKS passphrase for /dev/sda8: 
key slot 0 unlocked.
Command successful.
[root@localhost ~]#

Code:

[jun@localhost ~]$ ls -l /dev/mapper
total 0
crw-rw---- 1 root root  10, 63 2010-03-04 06:35 control
brw-rw---- 1 root disk 253,  0 2010-03-03 23:14 sda8

[root@localhost ~]# mkfs.ext3 /dev/mapper/sda8
mke2fs 1.41.4 (27-Jan-2009)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
3366912 inodes, 13446268 blocks
672313 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=0
411 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424

Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@localhost ~]# 

[jun@localhost ~]$ mkdir /home/jun/crypted

[jun@localhost ~]$ su -
Password: 

[root@localhost ~]# mount /dev/mapper/sda1 /home/jun/crypted
mount: you must specify the filesystem type
[root@localhost ~]# df -H
Filesystem             Size   Used  Avail Use% Mounted on
/dev/sda5               12G   9.8G   1.2G  90% /
tmpfs                  1.6G    78k   1.6G   1% /dev/shm
/dev/sda7               37G    30G   5.6G  84% /media/Mint 7
/dev/sda1               16G    14G   2.4G  86% /media/XP Windows :(
/dev/sda6               11G   3.7G   6.6G  37% /media/Ubuntu 9.10
/dev/sda3              113G    86G    28G  77% /media/Storage Bin (A)
[root@localhost ~]#
[jun@localhost ~]$ su -
Password: 
[root@localhost ~]# mount /dev/mapper/sda8 /home/jun/crypted
[root@localhost ~]# df -H
Filesystem             Size   Used  Avail Use% Mounted on
/dev/sda5               12G   9.8G   1.2G  90% /
tmpfs                  1.6G    78k   1.6G   1% /dev/shm
/dev/sda7               37G    30G   5.6G  84% /media/Mint 7
/dev/sda1               16G    14G   2.4G  86% /media/XP Windows :(
/dev/sda6               11G   3.7G   6.6G  37% /media/Ubuntu 9.10
/dev/sda3              113G    86G    28G  77% /media/Storage Bin (A)
/dev/mapper/sda8        55G   189M    52G   1% /home/jun/crypted

[root@localhost ~]# cd /home/jun/crypted
[root@localhost crypted]# nano test
[root@localhost crypted]# ls
lost+found
[root@localhost crypted]# 

[jun@localhost ~]$ su -
Password: 
[root@localhost ~]# mount /home/jun/crypted /sda8
mount: you must specify the filesystem type
[root@localhost ~]# mount /dev/mapper/sda8 /home/jun/crypted
mount: /dev/mapper/sda8 already mounted or /home/jun/crypted busy
mount: according to mtab, /dev/mapper/sda8 is already mounted on /home/jun/crypted
[root@localhost ~]# mount /home/jun/crypted sda8
mount: you must specify the filesystem type
[root@localhost ~]# mount /home/jun/crypted /media/sda8
mount: you must specify the filesystem type

[root@localhost ~]# mount /dev/mapper/sda8 /home/jun/crypted
mount: /dev/mapper/sda8 already mounted or /home/jun/crypted busy
mount: according to mtab, /dev/mapper/sda8 is already mounted on /home/jun/crypted
[root@localhost ~]#

Can you please help me on the last portion? Thanks!

**zombykillah** · 03-03-2010

I've never done this myself ... but it doesn't seem logical to me to mount the device.

As far as I know the en/decryption will be before the file-system ...
So you need to check that the device isn't mounted.

Just that way an encryption without any file-system dependencies gets possible ...
But it may cost redundancy with the data integrity ...

So both ways could be logical ...

So I checked in the internet:
cryptsetup - LinuxWiki.org - Linux Wiki und Freie Software
Is in german ... but in the first part it's written that the file system shall be made on the new device created by cryptsetup.
The device can be found in:
/dev/mapper/$NAME

so try following:

Code:

su

umount /dev/sda8
cryptsetup luksOpen /dev/sda8 sda8
...

just saw you allready got that one ...

so you are missing a filesystem.
mkfs -t xfs /dev/mapper/sda1
for example

**zombykillah** · 03-03-2010

Just reeded your description again ...
Damn you already have one ... I need to concentrate more ... may I shall dink some beer too increase it ...

The only thing I can think about is that the file system is only mounted ro.
However there should be a error msg when you try to exit nano or try to "touch test"

You can only mount a device that isn't already mounted ... so you need to write a unmount /home/jun/crypted

**nujinini** · 03-03-2010

Originally Posted by zombykillah

I need to concentrate more ... may I shall dink some beer too increase it ...

hahaha!

Thanks. Please help me analyse more

**zombykillah** · 03-04-2010

Hi ...
I've just tried to do it on my server ... till folowing line showed up:

Code:

slavi:~# cryptsetup --cipher aes --key-file key.txt create sda6 /dev/sda6
Aufruf fehlgeschlagen: Incompatible libdevmapper 1.02.27 (2008-06-25)(compat) and kernel driver

Well I'll try it on the other machine ...

Genial ...

Code:

SERVI:~# cryptsetup --cipher aes --key-file key.txt create crf1 /dev/sdf2
Aufruf fehlgeschlagen: Incompatible libdevmapper 1.02.27 (2008-06-25)(compat) and kernel driver

Well it seems I don't even come to the point you need help ...

With the following command you can check all mounted devices with their options:

Code:

cat /etc/mtab

Example:

Code:

SERVI:~# cat /etc/mtab
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid,mode=0755 0 0
proc /proc proc rw,noexec,nosuid,nodev 0 0
sysfs /sys sysfs rw,noexec,nosuid,nodev 0 0
procbususb /proc/bus/usb usbfs rw 0 0
udev /dev tmpfs rw,mode=0755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,noexec,nosuid,gid=5,mode=620 0 0
/dev/sdf1 /media/sdf1 ext2 rw 0 0

You can see all options that were used during mount as rw read-write or ro read-only
Hope that helps you ...

Thread Tools

Display

Help:"Protecting Data w/ Encrypted Linux Partitions"

Posting Permissions