How to create an encrypted filesystem (LUKS).

This example creates an encrypted file system: on /dev/sda3 using dm-crypt with LUKS. It's based on Debian and applies to other Debian distros.

  • Install the necessary packages

apt-get install cryptsetup

  • setup the partition

cryptsetup luksFormat /dev/sda3 (give it a passphrase)

  • open (unlock) the partition

cryptsetup luksOpen /dev/sda3 sda3

  • format the partition (assumes XFS)

mkfs.xfs /dev/mapper/sda3

  • Add to /etc/fstab
/dev/mapper/sda3        /share    xfs             noauto  0       0
  • add the following to sudo if you want a non-root user to be able to mount it
username     ALL = NOPASSWD:/sbin/cryptsetup
username     ALL = NOPASSWD:/bin/mount
username     ALL = NOPASSWD:/usr/sbin/xfs_check
  • The following is a simple shell script to open and mount the partition on /share


cryptsetup luksOpen /dev/sda3 sda3
mount /dev/mapper/sda3 /share
Tags: encryption, Linux
2014-11-11 22:09 Roy Kidder {writeRevision}
Average rating: 0 (0 Votes)

You cannot comment on this entry

Chuck Norris has counted to infinity. Twice.