Encrypted filesystem on Fedore Core 7
One can now create encrypted filesystems on non-root partitions. It's pretty simply to setup one. Below is an example to setup an encrypted swap partition (assuming my computer's existing swap partition is on /dev/sda5)1. Remove the partition from swap swapoff /dev/sda5
2. Create encrypted volume cryptsetup -c aes-cbc-essiv:sha256 luksFormat /dev/sda5
3. Add to /etc/crypttab
/etc/crypttab
secretswap /dev/sda1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
# 1st column is the device's name under /dev/mapper
# 2nd column is the physical device
# 3rd column is the password, in this case some random string
# 4th column are options
# 1st column is the device's name under /dev/mapper
# 2nd column is the physical device
# 3rd column is the password, in this case some random string
# 4th column are options
4. Setup the volume (device mapper) by "cryptsetup luksOpen /dev/sda5 secretswap
5. Create swap mkswap /dev/mapper/secretswap
6. Update /etc/fstab
7. Enable the swap partition swapon /dev/mapper/secretswap
8. Check the status of encrypted partition cryptsetup status volume_name
/etc/fstab
#LABEL=SWAP-hdc5 swap swap defaults 0 0
/dev/mapper/secretswap swap swap defaults 0 0
/dev/mapper/secretswap swap swap defaults 0 0
The /etc/volume_key file contains a plaintext encryption key. You can also specify none as the key file name, and the system instead asks for the encryption key during boot.
