Friday, March 19, 2010

HOWTO create an encrypted backup disk with LUKS

First partition as normal with fdisk. Then create the encrypted header:

sudo cryptsetup --verify-passphrase --verbose --hash=sha256 \
--cipher=aes-cbc-essiv:sha256 --key-size=256 luksFormat /dev/sda1

Then create the filesystem and mount the disk:

sudo cryptsetup luksOpen /dev/sda1 crypt-backup
sudo mkfs -t ext4 /dev/mapper/crypt-backup
sudo mkdir /mnt/backup
sudo mount /dev/mapper/crypt-backup /mnt/backup

Copy your backup, then unmount with:

sudo umount /mnt/backup
sudo cryptsetup luksClose crypt-backup

No comments: