In this lab you will create an encrypted block device using `dm-crypt` and LUKS. Then you will open the encrypted device and create a filesystem on it.
You are working as a System Administrator at a large financial institution and have been tasked with enabling whole-disk encryption on a portable drive. The portable drive is attached as `/dev/loop0` to the user’s workstation, which is running the CentOS Linux 7.7 operating system.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create an Encrypted Volume on the Target Device
Create an encrypted volume on the target device:
$ sudo cryptsetup luksFormat /loopbackfile.img
- Open the Encrypted Volume
Open the encrypted volume:
$ sudo cryptsetup luksOpen /dev/loop0 encvol
$ ls /dev/mapper/ -l
- Create a Filesystem on the Encrypted Volume
Create a filesystem on the encrypted volume:
$ sudo mkfs.ext4 /dev/mapper/encvol
$ sudo mount /dev/mapper/encvol /mnt/
- Unmount the Filesystem and Close the Encrypted Volume
Unmount the filesystem and close the encrypted volume:
$ sudo umount /mnt/
$ sudo cryptsetup luksClose encvol
- Create a Keyfile and Add It to the Encrypted Volume
Create a keyfile and add it to the encrypted volume:
$ sudo dd if=/dev/urandom of=/root/lukskey bs=4096 count=1
$ sudo chmod 600 /root/lukskey
$ sudo cryptsetup luksAddKey /dev/loop0 /root/lukskey
- Open the Encrypted Volume Using the Keyfile and Mount the Filesystem
Open the encrypted volume using the keyfile and mount the filesystem:
$ sudo cryptsetup luksOpen /dev/loop0 encvol --key-file /root/lukskey
$ sudo mount /dev/mapper/encvol /mnt/
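In the keyfile step above, `dd` creates the file with umask-default permissions and `chmod 600` tightens them only afterwards. The following added example (not part of the original lab) creates the key with mode 0600 from the start and audits it before it is passed to `luksAddKey`. The names `make_keyfile`, `check_keyfile` and `KEY_BYTES` are illustrative, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the lab): keyfile creation and audit for luksAddKey.
# make_keyfile, check_keyfile and KEY_BYTES are illustrative names.
# Assumes GNU coreutils stat, as shipped on CentOS.

KEY_BYTES=4096   # matches the lab's bs=4096 count=1

# make_keyfile PATH: write KEY_BYTES random bytes to a new file that is
# mode 0600 from creation; refuses to overwrite or follow an existing path.
make_keyfile() {
    path=$1
    if [ -e "$path" ] || [ -L "$path" ]; then
        echo "make_keyfile: $path already exists" >&2
        return 1
    fi
    (
        umask 077   # new files get 0600, no chmod step needed
        set -C      # noclobber: '>' fails if the path appeared meanwhile
        dd if=/dev/urandom bs="$KEY_BYTES" count=1 2>/dev/null > "$path"
    ) || return 1
}

# check_keyfile PATH: succeed only for a regular, non-symlink file owned by
# the caller, with no group/other permission bits and the expected size.
check_keyfile() {
    path=$1
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "check_keyfile: $path is not a regular file" >&2
        return 1
    fi
    mode=$(stat -c %a "$path") || return 1
    owner=$(stat -c %u "$path") || return 1
    size=$(( $(wc -c < "$path") ))
    case $mode in
        600|400) ;;
        *) echo "check_keyfile: $path has mode $mode" >&2; return 1 ;;
    esac
    if [ "$owner" != "$(id -u)" ]; then
        echo "check_keyfile: $path is owned by uid $owner" >&2
        return 1
    fi
    if [ "$size" -ne "$KEY_BYTES" ]; then
        echo "check_keyfile: $path is $size bytes" >&2
        return 1
    fi
}
```

Run from a root shell, `make_keyfile /root/lukskey && check_keyfile /root/lukskey` replaces the `dd` and `chmod` commands of the keyfile step.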