Home > Privacy, Security > Encrypt Devices Using dm-crypt and LUKS

Encrypt Devices Using dm-crypt and LUKS

  Submitted by raoulsland Privacy, Security 5 Comments

“There are many different methods to encrypt data using various encryption algorithms (ciphers). In this document I describe in short how to encrypt a device with one of the most contemporary methods, using dm-crypt and LUKS. Actually, devices cannot be encrypted. It’s the block devices which are volumes that can be. This means that you can encrypt a hard disk partition, a ZIP disk, a usb flash stick, or even a volume within a file.”

About The Author

Thom Holwerda

Follow me on Mastodon @[email protected]

5 Comments

  1. 2006-12-03 9:10 pm
    antik

    Actually, devices cannot be encrypted. It’s the block devices which are volumes that can be. This means that you can encrypt a hard disk partition, a ZIP disk, a usb flash stick, or even a volume within a file..

    Yes, you can… with FreeBSD:

    http://events.ccc.de/congress/2005/fahrplan/events/1139.en.html

    • 2006-12-03 10:05 pm
      ghen

      Or with NetBSD:

      http://www.netbsd.org/guide/en/chap-cgd.html

    • 2006-12-03 10:39 pm
      tetromino

      You misunderstood the article (which, admittedly, was not worded very clearly).

      Dm-crypt encrypts arbitrary block devices — which means it can be used to encrypt entire hard drives, or entire raid arrays made of multiple hard drives, or individual partitions on a given hard drive, or even (for loopback purposes) individual files. Or even, if you are paranoid, to create an encrypted loopback device on a file in an encrypted partition of an encrypted raid array composed of encrypted hard drives! It is this degree of flexibility which makes dm-crypt so great.

      Edited 2006-12-03 22:41

      • 2006-12-04 7:52 am
        ghen

        The same can be said about the other technologies mentioned above. Pretty sweet, indeed!

  2. 2006-12-04 9:57 am
    postmodern

    You can do full hard disk encryption by setting up a giant LUKS partition then initializing LVM2 inside of it.

    One can do this fairly easy with for instance Gentoo using genkernel-3.4.4 (and above) to create your initramfs image to mount/initialize your LUKS+LVM2 partition.

    I’ve heard this can also be done painlessly with Debian based distros as well.

    It’s a shame that the howto didn’t also mention how easy it is to add/remove LUKS volume passwords. Yes I said passwords, LUKS allows up to 8 different keys for a volume (basically the volume master key encrypted with your hashed password).

    Happy encrypting.