Installation guide

The best way, which provides high quality random data but takes a long time (several minutes per

gigabyte on most systems):

dd if=/dev/urandom of=<device>

Fastest way, which provides lower quality random data:

badblocks -c 10240 -s -w -t random -v <device>

29.4 .3. Format t he device as a dm-crypt /LUKS encrypt ed device

Warning

The command below will destroy any existing data on the device.

cryptsetup luksFormat <device>

Tip

For more information, read the cryptsetup(8) man page.

After supplying the passphrase twice the device will be formatted for use. To verify, use the following

command:

cryptsetup isLuks <device> && echo Success

To see a summary of the encryption information for the device, use the following command:

cryptsetup luksDump <device>

29.4 .4 . Creat e a mapping t o allow access t o t he device's decrypt ed cont ent s

To access the device's decrypted contents, a mapping must be established using the kernel

device-mapper.

It is useful to choose a meaningful name for this mapping. LUKS provides a UUID (Universally

Unique Identifier) for each device. This, unlike the device name (eg: /dev/sda3), is guaranteed to

remain constant as long as the LUKS header remains intact. To find a LUKS device's UUID, run the

following command:

cryptsetup luksUUID <device>

An example of a reliable, informative and unique mapping name would be luks-<uuid>, where

<uuid> is replaced with the device's LUKS UUID (eg: luks-50ec957a-5b5a-47ee-85e6-

f8085bbc97a8). This naming convention might seem unwieldy but is it not necessary to type it often.

cryptsetup luksOpen <device> <name>

Red Hat Ent erprise Linux 5 Inst allat ion G uide

276