How to encrypt-decrypt an ext3 partition on Linux
This document (3053870) is provided subject to the disclaimer at the end of this document.
Environment
Novell SUSE Linux Enterprise Server 9
Situation
How to encrypt-decrypt an ext3 partition on Linux
This can be used for situations where the partition needs to be encrypted for transport of the drive just incase it gets lost.
This can be used for situations where the partition needs to be encrypted for transport of the drive just incase it gets lost.
Resolution
To Encrypt:
1. modprobe loop_fish2
2. Create an ext3 partition
3. losetup -e twofish /dev/loop0 /dev/sda1 (or your partition you created) - At this point you will be prompted for a password that needs to be over 20 characters.
4. mkfs.ext3 /dev/loop0
5. mount -t ext3 /dev/loop0
6. umount
7. losetup -d /dev/loop0
Mount and decrypt:
1. modprobe loop_fish2 (If it has not been previously loaded)
2. mount -t ext3 /dev/sda1 -oencryption=twofish - You will be prompted for your password you set when you encrypted it.
If the encrypted mount point is required to automount on reboots:
1. On the new system copy the /etc/cryptotab file from the old machine to mount it via /etc/init.d/boot.crypto at startup.
2. Here is an example of what that file entry would look like:
1. modprobe loop_fish2
2. Create an ext3 partition
3. losetup -e twofish /dev/loop0 /dev/sda1 (or your partition you created) - At this point you will be prompted for a password that needs to be over 20 characters.
4. mkfs.ext3 /dev/loop0
5. mount -t ext3 /dev/loop0
6. umount
7. losetup -d /dev/loop0
Mount and decrypt:
1. modprobe loop_fish2 (If it has not been previously loaded)
2. mount -t ext3 /dev/sda1 -oencryption=twofish - You will be prompted for your password you set when you encrypted it.
If the encrypted mount point is required to automount on reboots:
1. On the new system copy the /etc/cryptotab file from the old machine to mount it via /etc/init.d/boot.crypto at startup.
2. Here is an example of what that file entry would look like:
/dev/loop0 /dev/sda1 /encrypt_part ext3 twofish defaultsNOTE: The encryption key is usually not saved anywhere but the user is prompted at startup for the right key.
Additional Information
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:3053870
- Creation Date: 21-Jul-2006
- Modified Date:03-Mar-2020
-
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com
