Open In App

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy

How to Setup Encrypted Filesystems and Swap Space Using ‘Cryptsetup’ Tool in Linux

An LFCE is in charge of the design, implementation, and continuous maintenance of the system architecture and is qualified and experienced to install, administer, and troubleshoot network services in Linux systems. Hard disc encryption for Linux Introduction to The Linux Foundation Certification Program for Linux Filesystem Encryption (LFCE). Encryption is designed to prevent unauthorized individuals from accessing your sensitive data and to prevent it from becoming lost or stolen along with your computer or hard drive. Simply said, a key is used to “lock” access to your information, making it accessible only while the system is active and when a trusted person unlocks it. This means that if someone attempts to look at the standard kernel-level encryption tool, dm-crypt (short for device-mapper and cryptographic), will be covered in this article’s discussion of how to set up encrypted file systems. Please be aware that dm-crypt can only be used to encrypt full devices, partitions, or loop devices because it is a block-level tool.

Encryption Preparation for a Drive, Partition, or Loop Device

Step 1: In Linux, create LFCS series partitions and filesystems.



# dd if=/dev/urandom of=/dev/sdb bs=4096

 

Step 2: Testing for Support for Encryption

We must first confirm that our kernel has been built with support for encryption before moving on.



# grep -i config_dm_crypt /boot/config-$(uname -r)

 

Step 3: Installation of Cryptsetup

Cryptsetup is a frontend interface for creating, configuring, accessing, and managing encrypted file systems using dm-crypt

# aptitude update && aptitude install cryptsetup

 

Step 4: Constructing a Secure Partition

The default operating mode for cryptsetup is LUKS (Linux Unified Key Setup) therefore we’ll continue with that. Setting the LUKS partition and the passphrase will be our first step.

# cryptsetup -y luksFormat /dev/sdb1

 

Step 5: Cryptsetup Version

 To know the version type the following command

# cryptsetup --version

 

Testing Encryption

Step 1: Launch the LUKS partition and type the below command

# cryptsetup luksOpen /dev/sdb1 my_encrypted_partition

 

Step 2: The partition be mounted as a standard file system

The partition should be mounted as a standard file system. It should serve as a warning. To get the partition run the following command.

# mount /dev/sdb1 /mnt/enc

 

Step 3: Create a dummy file inside the mount point.

# echo “This is article series about the LFCE certification” > /mnt/enc/testfile.txt

 

Step 4: Check to see whether you can open the newly produced file.

# cat /mnt/enc/testfile.txt

 

Step 5: Unmount the file system

# umount /mnt/enc

 

Step 6: Close the LUKS partition

# cryptsetup luksClose my_encrypted_partition

 

Step 7: The partition should be mounted as a standard file system. It should be an error indication.

# mount /dev/sdb1 /mnt/enc

 

Encrypting the Swap Space for Further Security

When the encrypted partition is open, the passphrase you previously provided to access it is kept in RAM memory. The data can be decrypted if someone can get his hands on this key. Since the RAM contents are stored on the swap partition while a laptop is in hibernation, doing this is extremely simple.

Step 1: Create a partition to be used as a swap with the appropriate size (/dev/sdd1 in our case) and encrypt it as explained earlier. Name it just “swap” for convenience.’

# swapon --show

 

Step 2: Set it as swap and activate it

# mkswap /dev/mapper/swap
# swapon /dev/mapper/swap

 

Step 3: Next, change the corresponding entry in /etc/fstab

/dev/mapper/swap none         swap sw           0    0

 

Step 4: Finally, edit /etc/crypttab and reboot

swap               /dev/sdd1         /dev/urandom swap

 

Step 5: Once the system has finished booting, you can verify the status of the swap space:

# cryptsetup status swap

 

Conclusion:

For all of your data, you now have an encrypted partition. LUKS encrypts whole block devices, so it is ideal for securing the data on portable storage devices like USB flash drives and laptop hard drives. Additionally, you may utilize your NAS server to safeguard backups. AES-NI (Advanced Encryption Standard Instruction Set) equipped Intel and AMD processors can speed up dm-crypt-based encryption for Linux kernel versions 2.6.32 and higher. Hard disc encryption will speed up as a result. Works with the swap partition as well, allowing you to use the hibernation function (also known as suspend-to-disk), which copies the RAM contents to the swap partition before shutting off the computer. LUKS only allows for a maximum of 8 passwords, meaning that only 8 users can each have their own unique access keys.


Article Tags :
Linux-Unix
Technical Scripter
Recommended Articles
1. How to Use Cryptmount Utility to Create Encrypted Filesystems in Linux?
2. Findmnt - Find all mounted filesystems on Linux
3. Difference Between Ext4 VS Btrfs Filesystems in Linux
4. Pillager - Filesystems For Sensitive Information With Go
5. How to Clear RAM Memory Cache, Buffer and Swap Space on Linux
6. Webkiller v2.0 - Tool Information Gathering tool in Kali Linux
7. Cewl Tool - Creating Custom Wordlists Tool in Kali Linux
8. Tool-X - Hacking Tool Installer in Kali Linux
9. Creating an Encrypted Persistent Live Kali USB
10. How to create an Encrypted Persistent TailsOS USB?
11. How to Setup VPN on Ubuntu Linux System for IP Spoofing Using windscribe?
12. Setup Terraform On Linux and Windows Machine
13. How To Setup And Use Anonsurf On kali Linux
14. How to setup and configure an FTP server in Linux?
15. How to setup and configure an FTP server in Linux?
16. How to Install and Setup Lua in Linux
17. How to Add Swap Space on Ubuntu 20.04
18. How to setup firewall in Linux?
19. How To Setup Proxychains In Linux Without Any Errors?
20. Virtual Private Network (VPN) Setup in Kali Linux
21. How to Setup Central Logging Server with Rsyslog in Linux
22. How to Setup GMVault Gmail Backup on Linux
23. How To Setup an Iptables Firewall to Enable Remote Access to Services in Linux
24. How to setup Portmaster Firewall for Linux
25. Setup two-factor authentication (2FA/MFA) for Linux systems