Cryptsetup new drive

master
Jeff Moe 5 years ago
parent 60c0ba8f7a
commit 2cdf496c20

@ -0,0 +1,30 @@
# HOWTO add encrypted drive to an existing system.
exit 0
# XXX Change device names as appropriate
fdisk /dev/nvme1n1
# Make gpt partition
# Make linux parition full disk size
# --hash, --cipher --key-size, --key-slot --label
cryptsetup luksFormat /dev/nvme1n1p1
# or like:
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat /dev/nvme1n1p1
# "devel: (arbitrary name) is named now:
cryptsetup luksOpen /dev/nvme1n1p1 devel
# Format drive:
mkfs.ext4 /dev/mapper/devel
# Add to /etc/crypttab:
devel UUID=00000000-0000-0000-0000-000000000000 none luks
# Add to /etc/fstab:
# Note this UUID is not the same as the UUID in the crypttab
UUID=00000000-0000-0000-0000-000000000000 /srv/devel ext4 defaults 0 2
# To change password:
cryptsetup -y luksAddKey /dev/nvme1n1p1
cryptsetup luksRemoveKey /dev/nvme1n1p1

@ -1,3 +1,5 @@
# This is how to set up decrypting a remote encrypted partition at boot.
apt install dropbear-initramfs apt install dropbear-initramfs
/etc/dropbear-initramfs/config /etc/dropbear-initramfs/config

Loading…
Cancel
Save