Quick note: Encrypted ext4

This is a log on minimal setup of dm-crypt.

ref: ArchWiki/dm-crypt

Setup

Delete the existing filesystem signatures (use with caution):

wipefs -a /dev/sdx

Encrypt the partition with dm-crypt (LUKS); see the cryptsetup man page for options:

cryptsetup [Options] luksFormat /dev/sdx

Decrypt (open) the partition:

cryptsetup open /dev/sdx name

After unlocking, the partition is available at /dev/mapper/name.

Create ext4 filesystem:

mkfs.ext4 /dev/mapper/name
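
Because wipefs -a and luksFormat destroy whatever is on /dev/sdx, a pre-flight check that the target is not mounted or used as swap is worth running first. The following is an added example, not part of the original note; the function names (device_in_use, preflight, sample_mounts) are hypothetical and the mount table is constructed sample data.

```shell
#!/bin/sh
# Added example: pre-flight check before a destructive wipefs/luksFormat.
# Function names are hypothetical; the sample data below is constructed.

# Return 0 if DEV, or a partition on DEV, is a mount source or swap device.
# Tables use the /proc/mounts and /proc/swaps layout (first field = device).
# Limit: the backing device of an open dm-crypt mapping is not listed there;
# only /dev/mapper/<name> is, so close any mapping first.
device_in_use() {
    dev=$1; mounts=${2:-/proc/mounts}; swaps=${3:-/proc/swaps}
    # Kernel partition naming: sdx -> sdx1, but nvme0n1 -> nvme0n1p1.
    case $dev in
        *[0-9]) part="${dev}p" ;;
        *)      part=$dev ;;
    esac
    for table in "$mounts" "$swaps"; do
        [ -r "$table" ] || continue
        while read -r src _rest; do
            case $src in
                "$dev"|"$part"[0-9]*) return 0 ;;
            esac
        done < "$table"
    done
    return 1
}

# Print a verdict for DEV; non-zero status means "do not wipe".
preflight() {
    if device_in_use "$@"; then
        echo "refusing: $1 or one of its partitions is mounted or swap" >&2
        return 1
    fi
    echo "ok: $1 is not in use"
}

# Constructed sample in /proc/mounts format (not from a real system).
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot vfat rw 0 0
/dev/nvme0n1p1 /data ext4 rw 0 0
/dev/mapper/GPGDATA /mnt/GPGDATA_MNT ext4 rw 0 0
EOF
}

tmp=$(mktemp) && sample_mounts > "$tmp"
preflight /dev/sda "$tmp" /dev/null || true   # refused: sda1 and sda2 are mounted
preflight /dev/sdx "$tmp" /dev/null           # ok
rm -f "$tmp"
```

On a live system, call preflight with only the device argument so that it reads /proc/mounts and /proc/swaps.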

Mounting and Unmounting

# Mounting
cryptsetup open [device] [name]
mount -t [fstype] /dev/mapper/name /mnt/mntpoint

# Unmounting
umount /mnt/mntpoint
cryptsetup close [name]

A SIMPLE SCRIPT

gpgwiz (I call it gpgwiz because I store my GPG keypair on a USB stick). The script itself doesn’t necessarily have anything to do with GPG.

#!/bin/sh

# I WROTE THIS ONLY FOR MY PERSONAL USE. IT WON'T WORK FOR YOU
# OUT OF THE BOX. TWEAK THE VARIABLES FOR YOURSELF.

UUID=xxxxgggg-cccc-bbbb-aaaa-ddddeeeeffff
NAME=GPGDATA
MOUNTPOINT=/mnt/GPGDATA_MNT

bold=$(tput bold)
normal=$(tput sgr0)

print_usage(){
    echo "${bold}USAGE${normal}"
    echo "gpgwiz open: unlock partition and mount"
    echo "gpgwiz close: unmount partition and lock"
}

# Unlock the LUKS partition and mount the mapped device.
open_dev(){
    echo "PREPARING DEVICE"
    echo "MOUNTPOINT: $MOUNTPOINT"
    # Stop if unlocking fails; there is nothing to mount in that case.
    cryptsetup open "/dev/disk/by-uuid/$UUID" "$NAME" || exit 1
    # MOUNTPOINT is already an absolute path, so do not prefix it with /mnt.
    mkdir -p "$MOUNTPOINT"
    mount -t ext4 "/dev/mapper/$NAME" "$MOUNTPOINT"
    echo "creating symlinks... TODO"
}

# Unmount first, then remove the dm-crypt mapping.
close_dev(){
    umount "$MOUNTPOINT"
    cryptsetup close "$NAME"
}

# No argument given: show usage and quit.
if [ -z "$1" ]
then
    print_usage
    exit
fi

# "=" is the POSIX string comparison; "==" is not portable under /bin/sh.
if [ "$1" = 'open' ]; then
    open_dev
elif [ "$1" = 'close' ]; then
    close_dev
else
    print_usage
fi
edited 20.04.2024
created 18.07.2020