
Creating an encrypted disk on VDS Linux
Date of publication: 19.01.2024

Some tasks require placing important data on a virtual server so that only the owner can access it, while it remains reachable from anywhere in the world via the Internet.

This problem can be solved by purchasing a VDS server and creating an encrypted disk on it, protected by a password, on which we will store our data.

In our example, we will use Debian 12 and perform all actions as the root user.

1. Install the necessary packages

apt update
apt upgrade
apt install cryptsetup

1.1 Decide on the size and create the container file (here 1024 blocks of 1 MiB, i.e. 1 GiB)

dd if=/dev/zero of=/root/crypt-drive bs=1M count=1024

1.1.1 Next, convert the file to the LUKS partition format:

cryptsetup -y luksFormat /root/crypt-drive
WARNING!
========
This will overwrite data on /root/crypt-drive irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /root/crypt-drive:
Verify passphrase:

Set a password and confirm it. Please note that if you forget the password, it cannot be recovered and you will lose access to the data.

1.1.2 File information

file /root/crypt-drive
/root/crypt-drive: LUKS encrypted file, ver 2, header size 16384, ID 3, algo sha256, salt 0x16ddc735c6afbd8c..., UUID: da846bb0-3001-4eb9-a533-0ad833e6a780 , crc 0x62e90a39e3cd9bc7..., at 0x1000 {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes" :4000,"hash":"sha256"},"area":{"type":"raw","offse

The crypto container is ready for use; now it needs to be opened and mapped to a device named crypt-volume (/dev/mapper/crypt-volume).

1.2 Connect the created crypto container

cryptsetup luksOpen /root/crypt-drive crypt-volume
Enter passphrase for /root/crypt-drive:

Enter the password.

1.2.1 Create a file system

mkfs.ext4 -j /dev/mapper/crypt-volume

1.2.2 Create a folder for mounting

mkdir /mnt/crypt-volume

1.2.3 Mounting the partition

mount /dev/mapper/crypt-volume /mnt/crypt-volume

The encrypted disk is ready. You can use this partition as usual: data is encrypted and decrypted transparently as it is written and read, and no additional action is required.

2. Check

df -h

Filesystem                Size  Used Avail Use% Mounted on
udev                      962M     0  962M   0% /dev
tmpfs                     197M  492K  197M   1% /run
/dev/sda1                  62G  2.7G   56G   5% /
tmpfs                     984M     0  984M   0% /dev/shm
tmpfs                     5.0M     0  5.0M   0% /run/lock
tmpfs                     197M     0  197M   0% /run/user/0
/dev/mapper/crypt-volume  974M   72K  908M   1% /mnt/crypt-volume

3. Further use

3.1 Disconnecting the container

umount /mnt/crypt-volume
cryptsetup luksClose crypt-volume

3.2 Connecting a container

cryptsetup luksOpen /root/crypt-drive crypt-volume
mount /dev/mapper/crypt-volume /mnt/crypt-volume

Note: after the server reboots, the container is no longer connected, whether or not you unmounted it beforehand. You will need to reconnect it as described in section 3.2.
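
The connect and disconnect steps from section 3 can be wrapped in a script that checks the container header and the current state before acting, so the commands always run in the right order. This is an added example, not part of the original article; the function names (luks_version, volume_state, connect, disconnect) and the overridable MAPPER_DIR and MOUNTS variables are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: names below are illustrative; paths match the article.
CONTAINER=${CONTAINER:-/root/crypt-drive}
NAME=${NAME:-crypt-volume}
MNT=${MNT:-/mnt/crypt-volume}
MAPPER_DIR=${MAPPER_DIR:-/dev/mapper}   # overridable (assumption, for testing)
MOUNTS=${MOUNTS:-/proc/mounts}          # overridable (assumption, for testing)

# Print the LUKS header version (1 or 2); fail if the file does not start
# with the LUKS magic "LUKS" 0xBA 0xBE followed by a 16-bit version.
luks_version() {
    case "$(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Print "mounted", "open" (mapped but not mounted) or "closed".
volume_state() {
    if awk -v m="$MNT" '$2 == m { f = 1 } END { exit !f }' "$MOUNTS" 2>/dev/null; then
        echo mounted
    elif [ -e "$MAPPER_DIR/$NAME" ]; then
        echo open
    else
        echo closed
    fi
}

# Section 3.2: open and mount, skipping steps that are already done.
connect() {
    luks_version "$CONTAINER" >/dev/null ||
        { echo "not a LUKS container: $CONTAINER" >&2; return 1; }
    case "$(volume_state)" in
        closed) cryptsetup luksOpen "$CONTAINER" "$NAME" &&
                mount "$MAPPER_DIR/$NAME" "$MNT" ;;
        open)   mount "$MAPPER_DIR/$NAME" "$MNT" ;;
    esac
}

# Section 3.1: unmount first, then remove the mapping.
disconnect() {
    case "$(volume_state)" in
        mounted) umount "$MNT" && cryptsetup luksClose "$NAME" ;;
        open)    cryptsetup luksClose "$NAME" ;;
    esac
}

# Run as: script connect | disconnect | volume_state (no argument: define only)
case "${1:-}" in connect|disconnect|volume_state) "$1" ;; esac
```

Run it as root with the argument connect after a reboot; cryptsetup still prompts for the password, since nothing is stored on the server.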

See also: Automatic mounting of an encrypted LUKS file




