Installation guide

Add an entry to /etc/fstab. This is only necessary if you want to establish a persistent association

between the device and a mountpoint. Use the decrypted device, /dev/mapper/<name> in the

/etc/fstab file.

In many cases it is desirable to list devices in /etc/fstab by UUID or by a filesystem label. The

main purpose of this is to provide a constant identifier in the event that the device name (eg:

/dev/sda4) changes. LUKS device names in the form of /dev/mapper/luks-<luks_uuid> are

based only on the device's LUKS UUID, and are therefore guaranteed to remain constant. This fact

makes them suitable for use in /etc/fstab.

Title

For details on the format of the /etc/fstab file, read the fstab(5) man page.

29.5. Common Post -Inst allat ion T asks

The following sections are about common post-installation tasks.

29.5.1. Set a randomly generat ed key as an addit ional way t o access an

encrypt ed block device

These sections are about generating keys and adding keys.

29 .5 .1.1. Generat e a key

This will generate a 256-bit key in the file $HOME/keyfile.

dd if=/dev/urandom of=$HOME/keyfile bs=32 count=1

chmod 600 $HOME/keyfile

29 .5 .1.2. Add t he ke y t o an available ke yslo t o n t he e ncrypt ed de vice

cryptsetup luksAddKey <device> ~/keyfile

29.5.2. Add a new passphrase t o an exist ing device

cryptsetup luksAddKey <device>

After being prompted for any one of the existing passphrases for authentication, you will be prompted

to enter the new passphrase.

29.5.3. Remove a passphrase or key from a device

cryptsetup luksRemoveKey <device>

You will be prompted for the passphrase you wish to remove and then for any one of the remaining

passphrases for authentication.

Red Hat Ent erprise Linux 5 Inst allat ion G uide

278