Red Hat Knowledgebase

Article Reference

Article ID: 7091
Last update: 11-16-07
Issue:
How do I use dm-crypt on LVM2 to create an encrypted LV (logical volume)?
Resolution:
Here is an example of how to use dm-crypt. DATA is an already existing Volume Group.
  1. Create a logical volume called CRYPTO using lvcreate:
    [root@testmachine /]# lvcreate -n CRYPTO -L+100M DATA
    Logical volume "CRYPTO" created
    
  2. Create a crypto block device on CRYPTO using cryptsetup:
    [root@testmachine /]# cryptsetup create DMCRYPT /dev/DATA/CRYPTO
    Enter passphrase:
    
  3. Check the status with cryptsetup:
    [root@testmachine /]# cryptsetup status DMCRYPT
    /dev/mapper/DMCRYPT is active:
    cipher: aes-plain
    keysize: 256 bits
    device: /dev/dm-6
    offset: 0 sectors
    size: 204800 sectors
    
  4. Add a filesystem using mke2fs:
    [root@testmachine /]# mke2fs /dev/mapper/DMCRYPT
    mke2fs 1.35 (28-Feb-2004)
    max_blocks 104857600, rsv_groups = 12800, rsv_gdb = 256
    Filesystem label=
    OS type: Linux
    Block size=1024 (log=0)
    Fragment size=1024 (log=0)
    25688 inodes, 102400 blocks
    5120 blocks (5.00%) reserved for the super user
    First data block=1
    Maximum filesystem blocks=67371008
    13 block groups
    8192 blocks per group, 8192 fragments per group
    1976 inodes per group
    Superblock backups stored on blocks:
    8193, 24577, 40961, 57345, 73729
    
    Writing inode tables: done
    inode.i_blocks = 3074, i_size = 67383296
    Writing superblocks and filesystem accounting information: done
    
    This filesystem will be automatically checked every 35 mounts or
    180 days, whichever comes first. Use tune2fs -c or -i to override.
    
  5. Mount the filesystem and create a file:
    [root@testmachine /]# mkdir /mnt/crypt;
    [root@testmachine /]# mount /dev/mapper/DMCRYPT /mnt/crypt
    [root@testmachine /]# cd /mnt/crypt
    [root@testmachine crypt]# ls -al
    total 17
    drwxr-xr-x 3 root root 1024 Feb 16 12:32 .
    drwxr-xr-x 4 root root 4096 Feb 16 12:33 ..
    drwx------ 2 root root 12288 Feb 16 12:32 lost+found
    [root@testmachine crypt]# df -h
    Filesystem Size Used Avail Use% Mounted on
    [...]
    /dev/mapper/DMCRYPT 97M 1.6M 91M 2% /mnt/crypt
    [root@testmachine crypt]# touch FOOBAR
    [root@testmachine crypt]# ls -al
    total 17
    drwxr-xr-x 3 root root 1024 Feb 16 13:42 .
    drwxr-xr-x 4 root root 4096 Feb 16 12:33 ..
    -rw-r--r-- 1 root root 0 Feb 16 13:42 FOOBAR
    drwx------ 2 root root 12288 Feb 16 12:32 lost+found
    [root@testmachine crypt]# cd ..
    
  6. Now unmount the filesystem and remove the crypto block device from the device mapper. The device is now safe.
    [root@testmachine mnt]# umount /mnt/crypt
    [root@testmachine mnt]# cryptsetup remove DMCRYPT
    

    The following can also be done after reboot.

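  7. Re-create the block device and see what happens when a wrong passphrase is given. cryptsetup create does not check the passphrase, so the mapping is created anyway and the error only appears at mount time: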
    [root@testmachine mnt]# cryptsetup create DMCRYPT /dev/DATA/CRYPTO
    Enter passphrase: <----------- WRONG PASSPHRASE!
    [root@testmachine mnt]# mount /dev/mapper/DMCRYPT /mnt/crypt
    mount: you must specify the filesystem type
    
  8. Try again with the correct passphrase:
    [root@testmachine mnt]# cryptsetup remove DMCRYPT
    [root@testmachine mnt]# cryptsetup create DMCRYPT /dev/DATA/CRYPTO
    Enter passphrase:
    [root@testmachine mnt]# mount /dev/mapper/DMCRYPT /mnt/crypt
    [root@testmachine mnt]# ls -al /mnt/crypt/
    total 17
    drwxr-xr-x 3 root root 1024 Feb 16 12:32 .
    drwxr-xr-x 4 root root 4096 Feb 16 12:33 ..
    -rw-r--r-- 1 root root 0 Feb 16 13:42 FOOBAR
    drwx------ 2 root root 12288 Feb 16 12:32 lost+found
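
Step 7 shows that a wrong passphrase still produces a mapping. The script below is an added example, not part of the original article: it checks the mapped device for the ext2 superblock magic before mounting and removes the mapping again if the magic is missing. The helper names `has_ext2_magic` and `open_verified` are hypothetical; the device names and cryptsetup commands are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the original article).
# `cryptsetup create` as used above stores no header on the LV, so any
# passphrase yields a mapping; a wrong one just decrypts to garbage.
# Check for a filesystem signature before trusting the mapping.

# has_ext2_magic DEVICE
# Succeeds if the ext2 superblock magic 0xEF53 is present. The superblock
# starts at byte 1024 and s_magic sits 56 bytes into it (byte 1080),
# stored little-endian, so the on-disk bytes are 53 ef.
has_ext2_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null \
            | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# open_verified NAME LV MOUNTPOINT   (hypothetical helper, needs root)
# Returns 0 when mounted, 1 if the mapping could not be created,
# 2 if the mapping shows no ext2 signature (most likely a wrong passphrase).
open_verified() {
    name=$1
    lv=$2
    mnt=$3
    cryptsetup create "$name" "$lv" || return 1
    if has_ext2_magic "/dev/mapper/$name"; then
        mount -t ext2 "/dev/mapper/$name" "$mnt"
    else
        echo "no ext2 signature on /dev/mapper/$name: wrong passphrase?" >&2
        # Do not leave a garbage mapping behind for something to write to.
        cryptsetup remove "$name"
        return 2
    fi
}

# Usage with the names from this article (run as root):
#   open_verified DMCRYPT /dev/DATA/CRYPTO /mnt/crypt
```

The two-byte magic is only a quick heuristic; mount still performs its own superblock validation afterwards.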
    

