Skip to main content

How do I enable encryption for the stored data?

Joe Nisha
Updated
You can enable encryption of stored data in Linux OS using Disk Encryption as given below:
Disk Encryption
 Additional Disk is required for disk encryption

  1. Installation of cryptsetup
    for RHEL / CentOS
    # yum install cryptsetup-luks

  2. LUKS Format disk
    Note: while formatting the disk we have to give some password
    # cryptsetup luksFormat /dev/sdb

output:
WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
  1. Luks open
    Note: We have to use the password created earlier while formatting the disk.
    # cryptsetup luksOpen /dev/sda data
output:
Enter passphrase for /dev/sdb:

4.create a filesystem
#mkfs -t ext4 /dev/mapper/data

output:
mke2fs 1.42.13 (17-May-2015)
Creating filesystem with 52428288 4k blocks and 13107200 inodes
Filesystem UUID: 1c71b0f4-f95d-46d6-93e0-cbd19cb95edb
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
    4096000, 7962624, 11239424, 20480000, 23887872
Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information: done
5.Mounting the new file system at /opt
# mount /dev/mapper/data /opt

  1. To get UUID
    #blkid /dev/mapper/data
output:
/dev/mapper/data: UUID="0a228c13-06d8-4739-99c3-f596c2dcce8e" TYPE="ext4"
  1. We need to add the UUID into /etc/fstab like this and save it
    Note: We need to add the UUID into etc/fstab file
Example:
LABEL=cloudimg-rootfs   /        ext4   defaults,discard        0 0
UID="4539b70d-66ab-4c07-b2a2-d4583f461a2f"   /secret   ext4 defaults 0 0
UID="4539b70d-66ab-4c07-b2a2-d4583f461a2f"   /opt      ext4 defaults 0 0
UUID="0a228c13-06d8-4739-99c3-f596c2dcce8e"   /opt  ext4  defaults 0  0
===================================================

  • TO close encryption
    /#cryptsetup luksClose /dev/mapper/data

  • To open encryption
    /# cryptsetup luksOpen /dev/mapper/data

 
CentOS Full Disk Encryption
 

Before installation of OS, the entire root volume can be encrypted using steps below for GUI based CentOS systems

  1. To enable the disk encryption please go to installation destination

  1. While installing Centos7 Installation Enable the Encryption.

  1. Next create Disk Encryption Passphrase.

  1. On reboot you would get the following prompt to enter the passphrase so that you can successfully unlock the drive:

  1. Please use the command as in the screenshot below to verify the disk Encryption

 

To learn about encryption of stored data for Linux (centos) read: Disk Encryption for Centos

To learn about encryption of stored data for Linux (ubuntu) read: Disk Encryption for Ubuntu

Related articles

Comments

0 comments

Please sign in to leave a comment.