[SOLVED] Full drive encrytption question

Kernels & Hardware, configuring network, installing services

[SOLVED] Full drive encrytption question

Postby cds60601 » 2018-05-30 03:10

Hey everyone -

I recently "mastered", lol - working up a backup drive to use encryption in Ubuntu. My drive has backups and its used as a work drive for my schematics.
That being said, I'm currently using a key file for authentication opposed to a password when I mount and open the drive.

So the question is this; when I need to move this drive from my Ubuntu station to my Deb station, I'm hoping that as long as I have the key file, I should be able to access the drive just as I do under Ubu.

The current setup under Ubu uses /etc/crypttab and that points to where the key file is located (I know most of you know this, just mentioned for those that may not).

My thinking is all should be Ok to move this drive to my Deb station as long as I have the key file for the authentication. I'm hoping folks that know more than I (and that's most of you) might have done somethings like this and lend me guidance.

Thanks in advance!
Cheers
Chris
Last edited by cds60601 on 2018-06-17 15:33, edited 1 time in total.
Yeah, 220, 221. Whatever it takes.
User avatar
cds60601
 
Posts: 68
Joined: 2017-11-25 05:58

Re: Full drive encrytption question

Postby cds60601 » 2018-05-30 13:45

... actually, I had time last night to play this out. I was able to prove out my basic theory that if I have a drive that was encrypted on a Ubuntu system with the use
of a key-file for authentication, I "should" be able to use this same drive on my Debian system, provided I have the correct bits to authenticate.

So that's just what I did - replicated everything I had under my Ubuntu system to my Deb station. I know I shouldn't be surprised, but heck yeah - I was.
It indeed worked, and let me tell you - most of my little theories normally don't pan out but this one did.

I'll do up a short process on what I did (commands and the like) and dump it here in case someone wishes to do what I did. Mind you, nothing special for most seasoned
Deb (Linux) users, just something I wanted to do for a long spell but held off mainly because it "seemed" ominous :roll:

Cheers
Chris
Yeah, 220, 221. Whatever it takes.
User avatar
cds60601
 
Posts: 68
Joined: 2017-11-25 05:58

Re: Full drive encrytption question

Postby cds60601 » 2018-05-30 14:32

The small print stuff:

Assumptions -
1. Drive to be encrypted not be part of LVM.
2. cryptsetup has already been installed
3. You already know the device you wish to encrypt (I will be using /dev/sdb1 as an example)
4. You have already saved off any and all data on the drive you wish to encrypt - otherwise you will lose it all
5. You need to know how to use of sudo or su -

Notes & WARNINGS -
You have already saved off any and all data on the drive you wish to encrypt - otherwise you will lose it all
This process I am presenting, worked for me - YMMV
Please see the referring links at the end for a more complete overview of other options and processes
as mine is a compilation from these link to suite my needs.
... and finally, You have already saved off any and all data on the drive you wish to encrypt - otherwise you will lose it all



And now, for something completely different... The process:

Create a key-file for authentication - you will want this if you intend to use auto mount on boot:
dd if=/dev/urandom of=/root/drive_key bs=1024 count=4

Protect the key-file to be read only by root:
chmod 0400 /root/drive_key

Initialize the LUKS file system and use the key-file to authenticate instead of a password:
cryptsetup -d=/root/drive_key -v luksFormat /dev/sdb1

Create the LUKS mapping using the key-file:
cryptsetup -d=/root/drive_key luksOpen /dev/sdb1 data

Create your file system (I use ext4):
mkfs.ext4 /dev/mapper/data

Create your mount point on the system (some folks use /media):
mkdir /mnt/data

Mount the new file system at the mount point:
mount /dev/mapper/data /mnt/data

Create the mapper for fstab to use - edit /etc/crypttab:
# <target name> <source device> <key file> <options>
data /dev/sdb1 /root/drive_key luks

Add the mount point to fstab:
/dev/mapper/data /mnt/data ext4 defaults 0 2

Reboot or use mount -a


Referencing links for futher reading:
1. Linux Hard Disk Encryption With LUKS https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/
2. Automatically Unlock LUKS Encrypted Drives With A Keyfile https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile
3. How to Recover a LUKS Encrypted Disk https://alvinabad.wordpress.com/2012/09/22/how-to-recover-a-luks-encrypted-disk/#comment-3634
Yeah, 220, 221. Whatever it takes.
User avatar
cds60601
 
Posts: 68
Joined: 2017-11-25 05:58


Return to System configuration

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable