How to make an encrypted /home under Fedora with LUKS?

1 December, 2007 (20:39)

There are tons of articles like this one on the internets, thus I’m just writing this down as my personal note. First let’s check for the package.

[root@mmahut ~]# rpm -qa cryptsetup-luks
cryptsetup-luks-1.0.5-7.fc8
[root@mmahut ~]#

After unmounting (and backing up :) ) our home directory, we need to erase everything on it.

[root@mmahut ~]# shred -n 5 -v /dev/vg00/lvhome
shred: /dev/vg00/lvhome: pass 1/5 (random)...
shred: /dev/vg00/lvhome: pass 1/5 (random)...13MiB/4.0GiB 0%
shred: /dev/vg00/lvhome: pass 1/5 (random)...28MiB/4.0GiB 0%
shred: /dev/vg00/lvhome: pass 1/5 (random)...43MiB/4.0GiB 1%

Don’t leave any chance: overwrite it once more with random data.

[root@mmahut ~]# dd if=/dev/urandom of=/dev/vg00/lvhome bs=1024
478301+0 records in
478300+0 records out
489779200 bytes (490 MB) copied, 160.087 s, 3.1 MB/s
[root@mmahut ~]#

Now we can create a LUKS header on the partition.

[root@mmahut ~]# cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 -y /dev/vg00/lvhome
WARNING!
========
This will overwrite data on /dev/vg00/lvhome irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
[root@mmahut ~]#

We can check that we are able to decrypt it.

[root@mmahut ~]# cryptsetup luksOpen /dev/vg00/lvhome home
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
[root@mmahut ~]#

This will create a new device file named /dev/mapper/home, our decrypted media. You can now safely create a new file system on it.

[root@mmahut ~]# mke2fs -j /dev/mapper/home
mke2fs 1.40.2 (12-Jul-2007)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
...

Migrate your data back and, one last thing, don’t forget to change your fstab entry.

[root@mmahut ~]# grep home /etc/fstab
#/dev/vg00/lvhome /home ext3 defaults 0 0
/dev/mapper/home /home ext3 defaults 0 0
[root@mmahut ~]# grep home /etc/crypttab
home /dev/vg00/lvhome none
[root@mmahut ~]#
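
A check for this last step, as an added example that is not part of the original note: it confirms that every crypttab mapping is mounted through /dev/mapper/NAME and that fstab no longer mounts the backing device directly. The function names, the finding labels and the constructed sample files are assumptions made for this example.

```sh
#!/bin/sh
# Added example: cross-check a crypttab against an fstab before rebooting.
# Usage: check_crypt_mounts FSTAB CRYPTTAB
# Prints one finding per line and returns 1; returns 0 when consistent.
check_crypt_mounts() {
    findings=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments, blank lines
        FILENAME == ARGV[1] { backing[$1] = $2; next }  # crypttab: name -> device
        { mounted[$1] = $2 }                            # fstab: device -> mount point
        END {
            for (name in backing) {
                dev = "/dev/mapper/" name
                raw = backing[name]
                if (!(dev in mounted))
                    print "UNUSED " name ": no fstab line mounts " dev
                if (raw in mounted)
                    print "RAW " name ": fstab still mounts " raw " on " mounted[raw]
            }
        }' "$2" "$1" | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files: the entries shown above, plus a "stale" fstab
# in which the old line was never replaced.
make_samples() {
    printf '%s\n' '#/dev/vg00/lvhome /home ext3 defaults 0 0' \
                  '/dev/mapper/home /home ext3 defaults 0 0' > "$1/fstab.good"
    printf '%s\n' '/dev/vg00/lvhome /home ext3 defaults 0 0' > "$1/fstab.stale"
    printf '%s\n' 'home /dev/vg00/lvhome none' > "$1/crypttab"
}

# Run the check against both constructed fstab variants.
d=$(mktemp -d) && make_samples "$d"
for f in fstab.good fstab.stale; do
    check_crypt_mounts "$d/$f" "$d/crypttab" \
        && echo "$f: consistent" || echo "$f: fix the findings above"
done
rm -rf "$d"
```

On a real system, point it at the live files with `check_crypt_mounts /etc/fstab /etc/crypttab`.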
