How to Setup Encrypted Filesystems and Swap Space Using ‘Cryptsetup’ Tool in Linux
An LFCE (Linux Foundation Certified Engineer) is in charge of the design, implementation, and continuous maintenance of the system architecture and is qualified and experienced to install, administer, and troubleshoot network services in Linux systems.
Encryption is designed to prevent unauthorized individuals from accessing your sensitive data and to protect that data if your computer or hard drive is lost or stolen. Simply put, a key is used to “lock” access to your information, making it accessible only while the system is running and a trusted person has unlocked it. This means that if someone attempts to look at
This article covers how to set up encrypted file systems with dm-crypt (short for device mapper and cryptographic), the standard kernel-level encryption tool. Please be aware that dm-crypt is a block-level tool, so it can only be used to encrypt full devices, partitions, or loop devices.
Encryption Preparation for a Drive, Partition, or Loop Device
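Step 1: Create partitions and filesystems as covered in the LFCS series, and fill the device with random data
The command below overwrites the whole of /dev/sdb, partition table included.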
# dd if=/dev/urandom of=/dev/sdb bs=4096
Step 2: Testing for Support for Encryption
We must first confirm that our kernel has been built with support for encryption before moving on.
Step 3: Installation of Cryptsetup
Cryptsetup is a frontend interface for creating, configuring, accessing, and managing encrypted file systems using dm-crypt.
# aptitude update && aptitude install cryptsetup
Step 4: Constructing a Secure Partition
The default operating mode for cryptsetup is LUKS (Linux Unified Key Setup), so we’ll continue with that. Our first step is to set up the LUKS partition and its passphrase.
# cryptsetup -y luksFormat /dev/sdb1
Step 5: Cryptsetup Version
To check the installed version, type the following command:
# cryptsetup --version
Testing Encryption
Step 1: Open the LUKS partition with the command below
# cryptsetup luksOpen /dev/sdb1 my_encrypted_partition
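Step 2: Mount the opened partition as a standard file system
Once opened, the LUKS volume appears as /dev/mapper/my_encrypted_partition. That mapped device, not /dev/sdb1, is the one that holds the file system. On first use it has to be formatted (for example with mkfs.ext4) and the mount point /mnt/enc has to exist before the mount will succeed.
# mount /dev/mapper/my_encrypted_partition /mnt/enc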
Step 3: Create a dummy file inside the mount point.
# echo "This is article series about the LFCE certification" > /mnt/enc/testfile.txt
Step 4: Check that you can read the newly created file.
# cat /mnt/enc/testfile.txt
Step 5: Unmount the file system
# umount /mnt/enc
Step 6: Close the LUKS partition
# cryptsetup luksClose my_encrypted_partition
Step 7: Try to mount the partition as a standard file system. It should fail with an error.
# mount /dev/sdb1 /mnt/enc
Encrypting the Swap Space for Further Security
When the encrypted partition is open, the passphrase you previously provided to access it is kept in RAM. Anyone who can get hold of this key can decrypt the data. This is especially easy on a laptop, because the RAM contents are written to the swap partition when it hibernates.
Step 1: Create a partition of the appropriate size to be used as swap (/dev/sdd1 in our case) and encrypt it as explained earlier. Name it just “swap” for convenience.
# swapon --show
Step 2: Set it as swap and activate it
# mkswap /dev/mapper/swap
# swapon /dev/mapper/swap
Step 3: Next, change the corresponding entry in /etc/fstab
/dev/mapper/swap none swap sw 0 0
Step 4: Finally, edit /etc/crypttab and reboot. With /dev/urandom as the key file, the swap device gets a new random key on every boot.
swap /dev/sdd1 /dev/urandom swap
Step 5: Once the system has finished booting, you can verify the status of the swap space:
# cryptsetup status swap
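A check for the /etc/fstab and /etc/crypttab entries from Steps 3 and 4, as an added example that is not part of the original article. The hypothetical audit_swap function reads the two files as text and flags any swap entry that is not backed by a crypttab mapping carrying the swap option; the sample files are constructed from the entries shown above.

```shell
#!/bin/sh
# Added example (not from the article): audit swap entries for encryption.
# audit_swap FSTAB CRYPTTAB
#   Prints one line per swap entry and returns 1 if any entry is not backed
#   by a crypttab mapping that has the "swap" option.
audit_swap() {
    fstab=$1; crypttab=$2; rc=0
    # fstab fields: device mountpoint type options dump pass
    for dev in $(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$fstab"); do
        case $dev in
            /dev/mapper/*)
                name=${dev#/dev/mapper/}
                # crypttab fields: name source-device key-file options
                entry=$(awk -v n="$name" '$1 == n { print $2, $3, $4; exit }' "$crypttab")
                set -- $entry   # $1=source device, $2=key file, $3=options
                case ",$3," in
                    *,swap,*) echo "OK $dev (source $1, key $2)" ;;
                    # A /dev/mapper name alone proves nothing (it could be LVM).
                    *) echo "FAIL $dev: no crypttab entry with the swap option"; rc=1 ;;
                esac ;;
            *) echo "FAIL $dev: swap on a plain, unencrypted device"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files, so the check runs without touching /etc.
demo_dir=$(mktemp -d)
cat > "$demo_dir/fstab.good" <<'EOF'
/dev/mapper/swap none swap sw 0 0
EOF
cat > "$demo_dir/crypttab" <<'EOF'
swap /dev/sdd1 /dev/urandom swap
EOF
cat > "$demo_dir/fstab.bad" <<'EOF'
# constructed: swap still on the raw partition
/dev/sdd1 none swap sw 0 0
EOF

audit_swap "$demo_dir/fstab.good" "$demo_dir/crypttab" || true
audit_swap "$demo_dir/fstab.bad" "$demo_dir/crypttab" || true
```

On a real system, point the function at /etc/fstab and /etc/crypttab.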
Conclusion:
You now have an encrypted partition for your data. LUKS encrypts whole block devices, so it is ideal for securing the data on portable storage devices like USB flash drives and laptop hard drives. You can also use it on a NAS server to protect backups. On Intel and AMD processors equipped with AES-NI (Advanced Encryption Standard Instruction Set), dm-crypt-based encryption is accelerated on Linux kernel versions 2.6.32 and higher, which speeds up hard disk encryption. LUKS works with the swap partition as well, allowing you to use the hibernation function (also known as suspend-to-disk), which copies the RAM contents to the swap partition before shutting off the computer. Note that resuming from hibernation needs a swap key that persists across reboots, which the /dev/urandom key in the crypttab entry above does not. LUKS only allows for a maximum of 8 passwords, meaning that only 8 users can each have their own unique access keys.