Encrypt Devices Using dm-crypt and LUKS
Linked by Thom Holwerda on Sun 3rd Dec 2006 16:13 UTC, submitted by raoulsland
Privacy, Security, Encryption "There are many different methods to encrypt data using various encryption algorithms (ciphers). In this document I describe in short how to encrypt a device with one of the most contemporary methods, using dm-crypt and LUKS. Actually, devices cannot be encrypted. It's the block devices which are volumes that can be. This means that you can encrypt a hard disk partition, a ZIP disk, a usb flash stick, or even a volume within a file."
E-mail Print r 1   5 Comment(s) http://osne.ws/ctj
Order by: Score:
Add Comment Post a Comment
COMPLETE Hard Disk Encryption with FreeBSD
by antik on Sun 3rd Dec 2006 21:10 UTC
antik
Member since:
2006-05-19

Actually, devices cannot be encrypted. It's the block devices which are volumes that can be. This means that you can encrypt a hard disk partition, a ZIP disk, a usb flash stick, or even a volume within a file..

Yes, you can... with FreeBSD:
http://events.ccc.de/congress/2005/fahrplan/events/1139.en.html

Reply Score: 1

ghen Member since:
2005-08-31
tetromino Member since:
2006-03-02

You misunderstood the article (which, admittedly, was not worded very clearly).
Dm-crypt encrypts arbitrary block devices -- which means it can be used to encrypt entire hard drives, or entire raid arrays made of multiple hard drives, or individual partitions on a given hard drive, or even (for loopback purposes) individual files. Or even, if you are paranoid, to create an encrypted loopback device on a file in an encrypted partition of an encrypted raid array composed of encrypted hard drives! It is this degree of flexibility which makes dm-crypt so great.

Edited 2006-12-03 22:41

Reply Score: 3

ghen Member since:
2005-08-31

The same can be said about the other technologies mentioned above. Pretty sweet, indeed!

Reply Score: 1

LUKS + LVM2 = Crypto Love
by postmodern on Mon 4th Dec 2006 09:57 UTC
postmodern
Member since:
2006-01-27

You can do full hard disk encryption by setting up a giant LUKS partition then initializing LVM2 inside of it.

One can do this fairly easy with for instance Gentoo using genkernel-3.4.4 (and above) to create your initramfs image to mount/initialize your LUKS+LVM2 partition.

I've heard this can also be done painlessly with Debian based distros as well.

It's a shame that the howto didn't also mention how easy it is to add/remove LUKS volume passwords. Yes I said passwords, LUKS allows up to 8 different keys for a volume (basically the volume master key encrypted with your hashed password).

Happy encrypting.

Reply Score: 1

Add Comment Post a Comment