Encrypted Filesystems Revised

Some years back I blogged about encrypted filesystems. That info is still valid but times have moved on and there are other, better ways now.

I can’t take any credit for this info, it all comes from the blog of Lars Strand. My thanks to him for taking the trouble to make it public. I’m just putting it on my own blog because it’s of such value and enables me to extract just the elements I require.

Encrypting Swap

Add this to /etc/crypttab:
cryptoswap /dev/hda2 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap

And this to /etc/fstab:
/dev/mapper/cryptoswap swap swap sw 0 0

That’s it! Much simpler than the old methods that involved editing swap init scripts.

Create an Encrypted Filesystem
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/md8
cryptsetup luksOpen /dev/md8 crypt
mkfs.ext3 /dev/mapper/crypt

Add this to /etc/crypttab (the third field is the key, and none means prompt for the passphrase):
crypt /dev/md8 none luks,noauto
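
A small linter for the crypttab entries described above, as an added example that is not from the original post or from Lars Strand's blog. It assumes the four-field layout (name, device, key, options); the function names and the /dev/sdz* sample entries are constructed for illustration, and the option-in-key-field check is a heuristic.

```shell
#!/bin/sh
# Added example: lint /etc/crypttab entries (fields: name device key options).

# has_opt OPTIONS NAME: true if NAME or NAME=value is in the comma-separated list.
has_opt() {
    case ",$1," in *",$2,"*|*",$2="*) return 0 ;; esac
    return 1
}

# check_crypttab_line LINE: print findings for one entry; return 1 if any.
check_crypttab_line() {
    set -f; set -- $1; set +f      # split the line into fields, globbing off
    name=${1:-} dev=${2:-} key=${3:-} opts=${4:-} rc=0
    case $name in ''|'#'*) return 0 ;; esac      # blank line or comment
    if [ -z "$dev" ]; then
        echo "$name: no source device"; return 1
    fi
    case $key in
        # Field 3 is the key: an option word there is read as a key file path.
        luks|swap|tmp|noauto|*=*)
            echo "$name: option '$key' in key field (use none, move it to field 4)"
            rc=1 ;;
        /dev/urandom|/dev/random)
            # A key that changes every boot only suits data recreated each boot.
            if ! has_opt "$opts" swap && ! has_opt "$opts" tmp; then
                echo "$name: random key without swap or tmp option"; rc=1
            fi
            if has_opt "$opts" luks; then
                echo "$name: random key cannot open a LUKS header"; rc=1
            fi ;;
    esac
    return $rc
}

# Constructed sample entries (not from a real system).
lint_sample() {
    while IFS= read -r line; do check_crypttab_line "$line" || true; done <<'EOF'
# name      device     key           options
cryptoswap  /dev/hda2  /dev/urandom  cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
data        /dev/sdz1  none          luks,noauto
broken1     /dev/sdz2  luks          noauto
broken2     /dev/sdz3  /dev/urandom  luks
EOF
}
lint_sample
```

To check a real file, feed each line of /etc/crypttab to check_crypttab_line in place of the here-document.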
