Glossary
LUKS: Linux Unified Key Setup, a disk encryption specification originally designed for Linux
cryptsetup: manage plain dm-crypt and LUKS encrypted volumes; put simply, it is the CLI
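Example: an encrypted directory
Create a test file, testC, to serve as the encrypted partition
    dd if=/dev/zero of=testC bs=1M count=10
Format it as a LUKS partition
    cryptsetup -v -y luksFormat testC
Open the encrypted partition; a corresponding file is created under /dev/mapper
    root@VM-0-11-ubuntu ~ #cryptsetup open testC testD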
Check the state with cryptsetup status
    root@VM-0-11-ubuntu ~ #cryptsetup status testD
    /dev/mapper/testD is active.
    type: LUKS1
    cipher: aes-xts-plain64
    keysize: 256 bits
    key location: dm-crypt
    device: /dev/loop0
    loop: /root/testC
    sector size: 512
    offset: 4096 sectors
    size: 16384 sectors
    mode: read/write
The corresponding device shows up in fdisk -l
    root@VM-0-11-ubuntu ~ #fdisk -l
    Disk /dev/loop0: 10 MiB, 10485760 bytes, 20480 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk /dev/vda: 50 GiB, 53687091200 bytes, 104857600 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: dos
    Disk identifier: 0x3fa1d255
    Device Boot Start End Sectors Size Id Type
    /dev/vda1 * 2048 104857566 104855519 50G 83 Linux
    Disk /dev/mapper/testD: 8 MiB, 8388608 bytes, 16384 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
After creating a filesystem on it and mounting it, the device can be written to
    mke2fs -t ext4 /dev/mapper/testD -L testP
    mount /dev/mapper/testD /opt/cdir/
When it is no longer in use, remember to unmount and close it
    umount /opt/cdir
    cryptsetup close testD
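
As an added example (not part of the original post), this Python code reads the LUKS1 on-disk header fields that the status output above reports, and shows why the 10 MiB file maps to only 16384 sectors: the 4096-sector header area is subtracted. The sample header comes from the hypothetical helper build_sample_header(); its hash, UUID, iteration and key slot values are assumptions.

```python
import struct

# LUKS1 on-disk header: big-endian, 208 bytes, followed by 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3      # marker for an enabled key slot
SECTOR = 512


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(blob):
    """Return the header fields that `cryptsetup status` reports."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("too short for a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_offset, key_bytes,
     _digest, _salt, _iters, _uuid) = PHDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS container")
    if version != 1:
        raise ValueError("LUKS version %d is not handled here" % version)
    active = [i for i in range(8)
              if SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0] == SLOT_ACTIVE]
    return {
        "cipher": "%s-%s" % (_text(cipher), _text(mode)),
        "hash": _text(hash_spec),
        "keysize_bits": key_bytes * 8,
        "offset_sectors": payload_offset,   # where the encrypted payload starts
        "active_slots": active,
    }


def mapped_sectors(container_bytes, header):
    """Sectors left for the mapped device once the header area is subtracted."""
    return container_bytes // SECTOR - header["offset_sectors"]


def build_sample_header():
    """Constructed header mirroring the status output (no real key material)."""
    phdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 32,
                     b"\0" * 20, b"\0" * 32, 1000,
                     b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 1000, b"\0" * 32, 8, 4000)
    slots += SLOT.pack(0x0000DEAD, 0, b"\0" * 32, 0, 4000) * 7
    return phdr + slots
```

To inspect the real container, pass the first 592 bytes of testC to parse_luks1_header().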