Linux File System Encryption Tutorial HD

This tutorial shows how to setup and use an encrypted file system on your GNU/Linux operating system. The following commands can be used when setting up an encrypted file system: Wipe the device with one pass of zero data followed by one pass of random data: dd if=/dev/zero of=/dev/"device""partition" bs=1M dd if=/dev/urandom of=/dev/"device""partition" bs=1M #where "device""partition" is the device ( and partition ) to be used. Setup an unformatted partition on the device using GNU Parted: parted /dev/"device" mklabel msdos mkpart primary 0% 100% #where "device" is the device to be used. Encrypt the device using cryptsetup and make an ext4 file system on the device: cryptsetup luksFormat --verbose --cipher=aes-xts-plain64 --key-size=512 --hash=sha512 --verify-passphrase /dev/"device""partition" cryptsetup luksOpen /dev/"device""partition" "name" mkfs -t ext4 -m 1 /dev/mapper/"name" cryptsetup luksClose "name" #where "device""partition" is the device and partition to be used; #where "name" is an arbitrary name defined when mapping the device. Decrypt and mount the encrypted file system for access and use: cryptsetup luksOpen /dev/"device""partition" "name" mount -t ext4 /dev/mapper/"name" /mnt/"mountpoint" #where "device""partition" is the device and partition to be used; #where "name" is an arbitrary name defined when mapping the device; #where "mountpoint" is the name of a directory selected to mount the device to. Unmount and unmap the encrypted file system for device removal: umount /mnt/"mountpoint" cryptsetup luksClose "name" #where "mountpoint" is the name of the mount point selected previously; #where "name" is the name defined when mapping the device. Wipe a file from an unencrypted file system to remove any sensitive data: shred --remove --zero --verbose "file" #where "file" is the path of the file to be wiped.