Creating a New Encrypted Volume Using LUKS

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we will use Linux Unified Key Setup (LUKS) to encrypt a volume on a Red Hat host. Then we’ll go through the process of unmounting and closing the volume and re-opening and re-mounting the volume, which is standard practice for encrypted volumes not mounted at boot.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a New Logical Volume
  1. Run the vgs command to view a list of available volume groups.
  2. Next, run lvcreate -L 100M -n patient_lv luks_vg to create a new logical volume.
  3. Run the lvs command to verify that the new logical volume was created.
Encrypt the Volume with LUKS
  1. Run the following command:
    cryptsetup luksFormat /dev/mapper/luks_vg-patient_lv
  2. Type YES at the prompt.
  3. Enter the passphrase Pinehead1! at the next two prompts.
  4. Next, run the command blkid | grep patient, and check for TYPE=crypto_LUKS in the output.
  5. Next, format the volume with the following command:
    cryptsetup luksOpen /dev/mapper/luks_vg-patient_lv patient_lv
  6. Enter the passphrase Pinehead1! at the prompt.
  7. Next, run the command ls /dev/mapper, and check for patient_lv in the output.
  8. Run the following command to overwrite all of the storage on the new volume:
    shred -v -n1 /dev/mapper/patient_lv
  9. Next, format the new volume using ext4 with the following command:
    mkfs.ext4 /dev/mapper/patient_lv
  10. Next, mount the volume to /data.
    mount /dev/mapper/patient_lv /data
  11. Run the command ls /data, and check for lost+found in the output.
  12. Check the status of the new encrypted volume.
    cryptsetup -v status patient_lv
Create a Test File on the New Volume
  1. Run the command touch test.txt /data to create the test file.

Additional Resources

Your organization is deploying a new medical records system, and the logical volume that the patient data resides on must be encrypted using a passphrase. You have been tasked with creating a new logical volume that will be part of the luks_vg volume group. The new logical volume you have been tasked with creating will need to meet the following requirements:

  • Size: 100MB
  • Filesystem format: ext4
  • Logical volume name: patient_lv
  • Mount point: /data (create the directory if it doesn't exist)
  • Passphrase: Pinehead1!

Once the volume has been created and mounted, create a file called test.txt on the new volume within the /data directory.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!