[LINUX] Feel free to encrypt the disk

Introduction

There seems to be some people who are in trouble because they can look inside the used hard disk. If it is encrypted, it will not be logically peeked even if it is physically peeked.

Linux makes it very easy to encrypt a disk.

Outline

Encrypt using luks. Use cryptsetup as the command.

Encryption procedure

# cryptsetup luksFormat <device_name>

The contents of the device will disappear, but you will be asked if it is okay. Respond to YES in uppercase. You will then be asked for your passphrase. Enter the same passphrase twice as usual.

Open procedure

This is the step to gain access to encrypted devices.

# cryptsetup open <device_name> <mapped_name>

You will be asked for your passphrase. It maps to / dev / mapper / <mapped_name>.

Use

Use the block device / dev / mapper / <mapped_name> as you like. mkfs or mount. If anything, also pvcreate.

Closing procedure

The opposite of open. If it is mounted, unmount it first.

# cryptsetup close <mapped_name>

bonus

If you're using unencrypted rootfs with a single partition, you can also use a file like swapfile. All you have to do is create an empty file with dd if = / dev / zero and cryptsetup luksFormat. I don't think SSD will reduce performance to the point of concern.

Recommended Posts

Feel free to encrypt the disk
Feel free to change the label of the legend in Seaborn in python
Feel free to build Task Queue with PyQS
Feel free to write a test with nose (in the case of + gevent)
Feel free to turn Python using the library into an AWS Lambda function
The story of switching from WoSign to Let's Encrypt for a free SSL certificate
The road to Pythonista
The road to Djangoist
I sent the data of Raspberry Pi to GCP (free)
How to use the generator
The road to download Matplotlib
How to use the decorator
How to increase the axis
How to start the program
Feel free to implement Python's asynchronous http client with Trio + httpx