Formatting code for EncryptedFS



{{parent page="LinuxFileSystem"}}

===Encrypted filesystem on Fedora Core 7===
One can now create encrypted filesystems on non-root partitions, and it is pretty simple to set one up. Below is an example that sets up an encrypted swap partition (assuming my computer's existing swap partition is on /dev/sda5).

1. Remove the partition from swap **swapoff /dev/sda5**
2. Create encrypted volume **cryptsetup -c aes-cbc-essiv:sha256 luksFormat /dev/sda5**
3. Add to **/etc/crypttab**
%%(text;/etc/crypttab)
secretswap /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
# 1st column is the device's name under /dev/mapper
# 2nd column is the physical device
# 3rd column is the password (key file), in this case random data read from /dev/urandom
# 4th column holds the options
%%
4. Set up the volume (device mapper) **cryptsetup luksOpen /dev/sda5 secretswap**
5. Create swap **mkswap /dev/mapper/secretswap**
6. Update **/etc/fstab** (entry shown below)
7. Enable the swap partition **swapon /dev/mapper/secretswap**
8. Check the status of the encrypted partition **cryptsetup status volume_name** (here **secretswap**)

%%(text;/etc/fstab)
#LABEL=SWAP-hdc5 swap swap defaults 0 0
/dev/mapper/secretswap swap swap defaults 0 0
%%
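
A check to run once /etc/crypttab and /etc/fstab are edited, added here as an example and not part of the original wiki page: it cross-checks the two files and flags any active swap entry that is not backed by a mapping defined in crypttab. The function names and the sample files (including /dev/sda6) are constructed for the demo.

```shell
#!/bin/sh
# audit_swap CRYPTTAB FSTAB
# Prints one line per active swap entry in FSTAB:
#   OK <dev> key=<source>   mapper device that is defined in CRYPTTAB
#   UNMAPPED <dev>          /dev/mapper/<name> with no CRYPTTAB entry
#   PLAINTEXT <dev>         swap that does not go through /dev/mapper at all
# Exit status is non-zero if any entry is not OK.
audit_swap() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        pass == 1 { key[$1] = $3; next }     # crypttab: mapper name -> key source
        $3 != "swap" { next }                # fstab: only swap entries matter
        {
            name = $1
            if (sub("^/dev/mapper/", "", name) == 0) {
                print "PLAINTEXT " $1; bad = 1
            } else if (!(name in key)) {
                print "UNMAPPED " $1; bad = 1
            } else {
                print "OK " $1 " key=" key[name]
            }
        }
        END { exit bad + 0 }
    ' pass=1 "$1" pass=2 "$2"
}

# Constructed sample files: the entries from this page plus one leftover
# plaintext swap line (/dev/sda6 is made up for the demo).
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' \
        '# name device key options' \
        'secretswap /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256' \
        > "$dir/crypttab"
    printf '%s\n' \
        '#LABEL=SWAP-hdc5 swap swap defaults 0 0' \
        '/dev/mapper/secretswap swap swap defaults 0 0' \
        '/dev/sda6 swap swap defaults 0 0' \
        > "$dir/fstab"
    audit_swap "$dir/crypttab" "$dir/fstab"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo || echo "swap audit: at least one swap entry is not encrypted"
```

On a real system the call is `audit_swap /etc/crypttab /etc/fstab`.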

The /etc/volume_key file contains a plaintext encryption key. You can also specify none as the key file name, and the system instead asks for the encryption key during boot.
