Re: encrypted partition question

To: debian-security@lists.debian.org
Subject: Re: encrypted partition question
From: Frank Störzer <frank.stoerzer@web.de>
Date: Thu, 4 Sep 2008 22:53:24 +0200
Message-id: <[🔎] 200809042253.25046.frank.stoerzer@web.de>
In-reply-to: <[🔎] 1220559134.3133.16.camel@discovery1>
References: <[🔎] 1220559134.3133.16.camel@discovery1>

Hi Alexander,
Am Donnerstag, 4. September 2008 22:12:14 schrieb Alexander Golovin:
>  Hi Frank!
>
>  I've added "crypt /dev/hda6  none   luks" string in /etc/crypttab
> file, what you had written, but unfartunately, I don't have the crypt
> file in /dev/mapper also.
>  I think maybe when I hadn't used the debian installer to encrypt my
> partion then something absent in my system then.
>  Maybe it's a good idea to use debian installer, but when I didn't
> use that I need to know how all this works step by step from install
> till configure and run.
>  I'll try to do that with luksAddKey, but I'm still don't understand
> why it's not working yet.

Have you rebooted the system or started the cryptsetup(-early) script in 
init.d? i don't know which one is the one, to initialize the 
cryptographic subsystem. Maybe this scripts aren't activ in your 
runlevel.

Just have a try on:
cryptsetup luksOpen /dev/hda6 crypt

This comand unlocks the crypted device after you insert the right 
passsword or provide the right key. Afterwards you can mount your 
mapped device.

If you can open the crypted device, the line above should work. To mount 
it on booting with the fstab, you have to unlock the device first. The 
entries in /etc/crypttab are used from the scripts in /etc/init.d/. 
This scripts are cryptsetup and cryptsetup-early, as I mentioned above. 
They will ask you for your passwort when booting and insert the device 
in /dev/mapper/, later, when the devices from the fstab will be 
mounted, the device is avible. I uses cryptsetup for my root partion, 
home partition, swap and tmp. Last weekend I have transferd my home 
partition on a new disk. On this disk I use LVM2 and have added 
encryption similar to you. No, not like you, as I see in the moment:

cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/daten/home

I have spezified the algorithm and the size of the key, aswell as the 
format. Maybe that is the reason, why it didn't work. If you haven't 
written data on the partiton, you can just initialize the device again.

My fault, I'm using cryptsetup every time with luks so I didn't realize 
that cryptsetup works without luks too.

Greetings

Frank

P.S.: You don't need to pm me, I'm subscribed to the list.

Reply to:

References:
- Re: Re: encrypted partition question
  - From: Alexander Golovin <alex.golovin@mail.ru>

Prev by Date: Re: Re: encrypted partition question
Next by Date: Re: encrypted partition question
Previous by thread: Re: Re: encrypted partition question
Next by thread: Re: encrypted partition question
Index(es):
- Date
- Thread