No one escapes what to look for improve security of our equipment as much as possible, this for both desktop and laptop computers, although in the case of the latter is directly an imperative thing -especially if we use them for work- as the fact of carrying -their from one place to another increases the chances of losing it or being stolen from us, and in both cases our information can be exposed and the consequences of this would be very serious.
The alternatives in this regard are a few, and that is the good thing about free software in general, although in this case I want to talk about DM-Crypt LUKS, an encryption solution very popular for a long time thanks to the fact that it is integrated into the kernel as a module – offering access to the Crypto APIs of the Linux kernel – and offer transparent encryption and the ability to map devices and partitions in virtual block levels, thus allowing encrypt partitions, full hard drives, RAID volumes, logical volumes, removable files or drives.
To start we need have a free partition (In my case, / dev / sda4), so if this is not the case we will have to create a new partition using a tool like GParted. Once we have free space let’s start with install cryptsetup if we no longer have this tool, which is usually included by default but maybe when we install our Ubuntu we opted for a minimal installation:
# Apt-get install cryptsetup
Now let’s start with initialize the partition that we are going to encrypt, for this we use that free partition that we mentioned later. This is a step that also generates the initial key, and although its name seems to indicate that the partition is formatted this does not happen, but simply prepares it to work with encryption (in our case we opted for AES with a key size of 512 bytes:
# Cryptsetup -verbose -verbose -cipher aes-XTS-plain64 -key-size 512 -hash sha512 -iter-time 5000 -use-random luksFormat / dev / sda4
We will receive a warning message notifying us that the content we have stored at this time in / Dev / sda4, And we are asked if we are safe. We nod by typing YES, so in capital letters, and then we are asked to enter the phrase LUKS, twice to make sure there are no errors.
Now we ‘open’ the encrypted container, while giving it a virtual name, which will be what appears on the system (for example when running the command df -h to view the different partitions, in our case we will see it in / dev / mapper / encrypted):
# Encrypted luksOpen / dev / sda4 encrypted crytpsetup
We are asked there LUKS key which we have created previously, we entered it and we are ready. We now need to create the file system for this encrypted partition:
# Mkfs.ext3 / dev / mapper / encrypted
The next step is to add this partition to the / etc / crypttab file, Operating similar to / etc / fstab as it is responsible for providing the encrypted drives at system startup:
# Cryto_test / dev / sda4 none luks
Then we created the mount point of this encrypted partition and added all this information to the / etc / fstab file so that we have everything available with each reboot:
# Mkdir / mnt / encrypted
# Nano / etc / fstab
Adding the following should be fine, although those looking for the most personalized can take a look at the pages of the fstab manual (man fstab) where there is plenty of information on the subject:
/ Dev / mapper / encrypted / mnt / encrypted ext3 defaults 0 2
Now, every time we reboot the system we will be asked to enter the password phrase, and after doing so the encrypted partition will be unlocked so that we can have it available.