Encrypted disk with password key-file (LUKS)

Posted on Wed 09 March 2011 by Pavlo Khmel

Encrypt disk:

cryptsetup luksFormat /dev/sdb

Create mapper device and file system:

cryptsetup luksOpen /dev/sdb testdisk
mkfs.ext3 /dev/mapper/testdisk

Create and add to disk password key-file:

dd if=/dev/random of=/root/keyfile-for-disk bs=1 count=256
cryptsetup luksAddKey /dev/sdb test/root/keyfile-for-disk

According /etc/crypttab mapper device will be created:

$ cat /etc/crypttab
testdisk /dev/sdb /root/keyfile-for-disk

$ cat /etc/fstab
. . .
/dev/mapper/testdisk /mnt ext3 defaults 0 0