Installation
$ sudo apt-get install cryptsetup
$ sudo yum install cryptsetup-luks
Setup
Creating a Luks encrypted USB disk
-
Format the device and set the password
$ sudo cryptsetup -y -v luksFormat /dev/xvdc
-
Open the container
$ sudo cryptsetup luksOpen /dev/xvdc backup
-
Verify the mapper has been assigned and the container opened correctly.
$ ls -l /dev/mapper/backup
-
Put a filesystem on it. First zero the partition and the put the FS on it. This can take hours and depends on the size of the disk used and the system resources (2TB took ~20h for me).
Without Progress bar:
$ sudo dd if=/dev/zero of=/dev/mapper/backup
With progress bar:
$ sudo time pv -tpreb /dev/zero | dd of=/dev/mapper/backup bs=128M
Create a FS:
$ sudo mkfs.ext4 /dev/mapper/backup
Maintenance
Status
View the status of a current mapping
$ sudo cryptsetup -v status backup
Mount
Mount and access the data at /mnt/disk
$ sudo cryptsetup luksOpen /dev/xvdc backup
$ sudo mount /dev/mapper/backup /mnt/disk
Unmount
Unmount the disk and close the container.
$ sudo umount /mnt/disk
$ sudo cryptsetup luksClose backup
Change passphrase
New passphrase needs to be provided.
$ sudo cryptsetup luksDump /dev/xvdc
$ sudo cryptsetup luksAddKey /dev/xvdc
Remove passphrase
The old passphrase needs to be entered.
$ sudo cryptsetup luksRemoveKey /dev/xvdc