Creating a new encrypted LUKS volume on top of LVM

1) Create a new LV (for example, a 10 GB LV called lvluksraw in VG vg01)

$ sudo lvcreate -L 10G -n lvluksraw /dev/vg01
  Logical volume "lvluksraw" created

2) Encrypt the LV and establish the passphrase

$ sudo cryptsetup luksFormat /dev/vg01/lvluksraw

WARNING!
========
This will overwrite data on /dev/vg01/lvluksraw irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 

3) Check the volume (isLuks exits with status 0 when the device carries a LUKS header)

$ sudo cryptsetup isLuks /dev/vg01/lvluksraw
$ echo $?
0

4) View the LUKS header

$ sudo cryptsetup luksDump /dev/vg01/lvluksraw
LUKS header information for /dev/vg01/lvluksraw

Version:       	1
Cipher name:   	aes
Cipher mode:   	cbc-essiv:sha256
Hash spec:     	sha1
Payload offset:	4096
MK bits:       	256
MK digest:     	e3 ed c6 64 46 ec 95 e4 76 bf 39 35 d4 e9 18 8d 2f 69 81 76 
MK salt:       	34 1b 85 27 32 34 23 e2 0d ab 5b 19 2b 9e 47 74 
               	92 04 91 2b 77 d5 42 93 fa 42 cd 5e 4d 10 01 3e 
MK iterations: 	21250
UUID:          	a995af12-dd2b-4ab3-bf92-f956dbdf2d54

Key Slot 0: ENABLED
	Iterations:         	85242
	Salt:               	ea 3a 20 ed 0b b1 55 b3 6c 00 b6 25 c0 38 7a 7e 
	                      	12 6d 3b 40 3b 60 84 83 30 bc 35 4f 6a dc a6 e0 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

5) Open the encrypted volume for use

$ sudo cryptsetup luksOpen /dev/vg01/lvluksraw luks-$(sudo cryptsetup luksUUID /dev/vg01/lvluksraw)
Enter passphrase for /dev/vg01/lvluksraw: 

6) Check for the new Device Mapper device

$ ll /dev/mapper/luks-$(sudo cryptsetup luksUUID /dev/vg01/lvluksraw)
lrwxrwxrwx. 1 root root 7 Nov 11 18:32 /dev/mapper/luks-a995af12-dd2b-4ab3-bf92-f956dbdf2d54 -> ../dm-8

7) Create a filesystem

$ sudo mkfs -t ext4 /dev/mapper/luks-$(sudo cryptsetup luksUUID /dev/vg01/lvluksraw)
mke2fs 1.41.14 (22-Dec-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
655360 inodes, 2620928 blocks
131046 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2684354560
80 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 22 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

8) Mount the filesystem

$ sudo mount /dev/mapper/luks-$(sudo cryptsetup luksUUID /dev/vg01/lvluksraw) /mnt

9) Done!

$ df -hlP /mnt
Filesystem                                             Size  Used Avail Use% Mounted on
/dev/mapper/luks-a995af12-dd2b-4ab3-bf92-f956dbdf2d54  9.9G  151M  9.2G   2% /mnt
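
The header in step 4 shows a LUKS1 volume using cbc-essiv:sha256 and sha1, the defaults of older cryptsetup releases. The script below is an added example, not part of the original procedure: it reads luksDump text in that LUKS1 layout on stdin and reports those settings. MIN_ITER is an assumed local policy floor, and the sample input is constructed from the dump above.

```shell
#!/bin/sh
# Added example: audit LUKS1-format `cryptsetup luksDump` text read on stdin.
# MIN_ITER is an assumed local policy floor, not a cryptsetup default.
MIN_ITER=${MIN_ITER:-100000}

# Prints one finding per line; returns 1 if anything was reported, else 0.
audit_luks_dump() {
    awk -v min_iter="$MIN_ITER" '
        # Return the text after the first "key:" with surrounding blanks removed.
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        function finding(msg) { print msg; n++ }
        /^Version:/     { version = val($0) }
        /^Cipher mode:/ { mode = val($0) }
        /^Hash spec:/   { hash = val($0) }
        /^Key Slot [0-9]+: ENABLED/  { split($0, f, /[ :]+/); slot = f[3]; enabled++ }
        /^Key Slot [0-9]+: DISABLED/ { slot = "" }
        # Per-slot iteration count (indented line inside an enabled slot).
        /^[ \t]+Iterations:/ && slot != "" {
            if (val($0) + 0 < min_iter)
                finding("key slot " slot ": " val($0) " PBKDF2 iterations, below floor " min_iter)
        }
        END {
            if (version == "1") finding("LUKS1 header: key slots use PBKDF2 only")
            if (mode ~ /^cbc/)  finding("cipher mode " mode ": older default, newer cryptsetup uses xts-plain64")
            if (hash == "sha1") finding("hash spec sha1: older default, newer cryptsetup uses sha256")
            if (enabled == 0)   finding("no enabled key slot found")
            exit (n > 0)
        }'
}

# Constructed sample: the fields this audit reads, as shown in step 4 above.
sample_dump() {
    cat <<'EOF'
Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
MK bits:        256
MK iterations:  21250
Key Slot 0: ENABLED
    Iterations:             85242
Key Slot 1: DISABLED
EOF
}

sample_dump | audit_luks_dump || true
```

Against a real volume, pipe the dump in: sudo cryptsetup luksDump /dev/vg01/lvluksraw | audit_luks_dump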