======Setting up Linux filesystem encryption (Encrypt Disk)======
Encrypt Disk here means encrypting a whole disk partition (block device) rather than individual files. Block-device encryption on Linux is mainly done with [[wp>LUKS|LUKS]]. LUKS is implemented on top of the dm-crypt sub-module of the kernel device mapper.
So first check whether the dm-crypt module is loaded on this system.
$ /sbin/lsmod|grep -i 'dm'
dm_crypt 17733 1
rdma_cm 35833 1 ib_iser
ib_cm 39853 1 rdma_cm
iw_cm 13125 1 rdma_cm
ib_sa 39349 2 rdma_cm,ib_cm
ib_core 63557 6 ib_iser,rdma_cm,ib_cm,iw_cm,ib_sa,ib_mad
ib_addr 11717 1 rdma_cm
dm_mirror 24649 0
dm_multipath 26957 0
scsi_dh 12481 1 dm_multipath
crypto_algapi 22721 6 cbc,cryptomgr,dm_crypt,testmgr,aead,crypto_blkcipher
crypto_api 12609 6 dm_crypt,xfrm_nalgo,testmgr,aead,crypto_blkcipher,crypto_algapi
dm_raid45 67401 0
dm_message 6977 1 dm_raid45
dm_region_hash 15809 1 dm_raid45
dm_log 14785 3 dm_mirror,dm_raid45,dm_region_hash
dm_mod 63737 7 dm_crypt,dm_mirror,dm_multipath,dm_raid45,dm_log
dm_mem_cache 9921 1 dm_raid45
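As an added example (not part of the original page), the following script parses lsmod output of the kind shown above and answers the two questions the listing is meant to answer: is dm_crypt loaded, and what does it sit on. The sample text is constructed from the listing above; the parser treats the refcount minus the named users as references held by open dm-crypt mappings rather than by other modules.

```python
# Added example (not from the original page): parse `lsmod` output and report
# whether dm_crypt is loaded, which modules it depends on, and how many
# references are held by open device mappings rather than by other modules.
# SAMPLE_LSMOD is constructed from the listing on the page (subset of lines).

SAMPLE_LSMOD = """\
Module                  Size  Used by
dm_crypt               17733  1
rdma_cm                35833  1 ib_iser
dm_mirror              24649  0
dm_multipath           26957  0
scsi_dh                12481  1 dm_multipath
crypto_algapi          22721  6 cbc,cryptomgr,dm_crypt,testmgr,aead,crypto_blkcipher
crypto_api             12609  6 dm_crypt,xfrm_nalgo,testmgr,aead,crypto_blkcipher,crypto_algapi
dm_mod                 63737  7 dm_crypt,dm_mirror,dm_multipath,dm_raid45,dm_log
"""


def parse_lsmod(text):
    """Return {module: (size, refcount, [users])} from lsmod output.

    The header line is skipped. The fourth column (comma-separated list of
    modules that use this one) is absent when no other module holds it;
    the refcount can still be non-zero because open devices also count.
    """
    modules = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Module":
            continue
        name, size, refcount = fields[0], int(fields[1]), int(fields[2])
        users = fields[3].split(",") if len(fields) > 3 else []
        modules[name] = (size, refcount, users)
    return modules


def dm_crypt_status(text):
    """Return (loaded, providers, device_refs):
    providers   -> modules that list dm_crypt among their users, i.e. what
                   dm_crypt is built on (device mapper core and crypto API)
    device_refs -> references on dm_crypt not explained by named modules,
                   i.e. open dm-crypt mappings such as /dev/mapper/Encdisk
    """
    mods = parse_lsmod(text)
    if "dm_crypt" not in mods:
        return False, [], 0
    _, refcount, users = mods["dm_crypt"]
    providers = sorted(m for m, (_, _, u) in mods.items() if "dm_crypt" in u)
    return True, providers, refcount - len(users)


if __name__ == "__main__":
    loaded, providers, device_refs = dm_crypt_status(SAMPLE_LSMOD)
    print("dm_crypt loaded:", loaded)
    print("dm_crypt built on:", ", ".join(providers))
    print("open dm-crypt mappings holding the module:", device_refs)
```

On this listing the single reference on dm_crypt with no named user is the open mapping; it drops to 0 after luksClose. One caveat for newer systems: a kernel built with dm-crypt compiled in (CONFIG_DM_CRYPT=y) never shows it in lsmod, and cryptsetup loads the module on demand, so its absence from lsmod is not by itself a failure.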
======Required packages======
- cryptsetup
- device-mapper
- util-linux
Check which of them are installed:
$ rpm -qa|egrep -i '(cryptsetup|device-mapper|util-linux)'
util-linux-2.13-0.56.el5
device-mapper-1.02.63-4.el5
cryptsetup-luks-1.0.3-8.el5 ---> provides the main working command
device-mapper-event-1.02.63-4.el5
device-mapper-multipath-0.4.7-46.el5_7.1
$ rpm -ql cryptsetup-luks
/sbin/cryptsetup
/usr/lib/libcryptsetup.so.0
/usr/lib/libcryptsetup.so.0.0.0
/usr/share/doc/cryptsetup-luks-1.0.3
/usr/share/doc/cryptsetup-luks-1.0.3/AUTHORS
/usr/share/doc/cryptsetup-luks-1.0.3/COPYING
/usr/share/doc/cryptsetup-luks-1.0.3/ChangeLog
/usr/share/doc/cryptsetup-luks-1.0.3/INSTALL
/usr/share/doc/cryptsetup-luks-1.0.3/NEWS
/usr/share/doc/cryptsetup-luks-1.0.3/README
/usr/share/locale/de/LC_MESSAGES/cryptsetup-luks.mo
/usr/share/man/man8/cryptsetup.8.gz
======Creating an encrypted disk partition======
- Format the block device as LUKS
- Open the mapping between /dev/mapper and the device
- Create a regular filesystem on it (ext3, ext4, etc.)
- Mount it
Use **dd** and **losetup** to simulate a device first
#dd if=/dev/zero of=DiskTest bs=200M count=1
#losetup /dev/loop1 DiskTest
Format as LUKS
# /sbin/cryptsetup luksFormat /dev/loop1
WARNING!
========
This will overwrite data on /dev/loop1 irrevocably.
Are you sure? (Type uppercase yes):YES (must be uppercase)
Enter LUKS passphrase:ali1234
Verify passphrase:ali1234
Command successful.
Open the mapping
#/sbin/cryptsetup luksOpen /dev/loop1 Encdisk (this creates /dev/mapper/Encdisk)
Enter LUKS passphrase for /dev/loop1:ali1234 (enter the passphrase set above)
key slot 0 unlocked.
Command successful.
Create the filesystem
#mkfs -t ext3 /dev/mapper/Encdisk
Mount
#mount /dev/mapper/Encdisk /media/disk
#df -h
~omitted~
/dev/mapper/Encdisk 194M 165M 20M 90% /media/disk
======Unmounting======
- umount
- detach the LUKS mapping (usually this step is enough)
- detach the loop device with losetup
# umount /dev/mapper/Encdisk
#cryptsetup luksClose /dev/mapper/Encdisk
#losetup -d /dev/loop1
======Mounting again======
#losetup /dev/loop1 DiskTest
#mount /dev/loop1 /media/disk
mount: unknown filesystem type 'crypt_LUKS' (cannot be mounted directly: the device is now in LUKS format)
#cryptsetup luksOpen /dev/loop1 Encdisk
Enter LUKS passphrase for /dev/loop1:ali1234 (the passphrase is required, which shows the encryption is in effect)
key slot 0 unlocked.
Command successful.
#mount /dev/mapper/Encdisk /media/disk
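The error above comes from the filesystem probe that mount runs: the first bytes of the loop device now hold the LUKS header that luksFormat wrote, not an ext3 superblock. As an added example (not code from the page or from cryptsetup), the script below builds a constructed LUKS1 header, parses the readable fields that `cryptsetup luksDump` would show, and mimics the probe that labels the device 'crypt_LUKS'. The cipher, hash and offsets are constructed values chosen to resemble the cryptsetup 1.0 defaults; the digests and salts are zero-filled placeholders.

```python
# Added example (not from the original page): a minimal parser for the LUKS1
# on-disk header written by `cryptsetup luksFormat`, plus a probe that shows
# why mount reports 'crypt_LUKS' instead of finding an ext3 superblock.
# build_sample_header() returns constructed data, not a real key header.
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
EXT_MAGIC = b"\x53\xef"                 # 0xEF53 little-endian, superblock byte 56
PHDR = ">6sH32s32s32sII20s32sI40s"      # LUKS1 fixed header, 208 bytes, big-endian
KEYSLOT = ">II32sII"                    # 48 bytes per slot, 8 slots follow the header
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
PHDR_SIZE = struct.calcsize(PHDR)
HEADER_SIZE = PHDR_SIZE + 8 * struct.calcsize(KEYSLOT)   # 592 bytes


def build_sample_header():
    """Constructed LUKS1 header resembling cryptsetup 1.0 defaults
    (aes-cbc-essiv:sha256, 128-bit key, sha1 digest): slot 0 enabled,
    slots 1-7 disabled, digests and salts zero-filled placeholders."""
    fixed = struct.pack(
        PHDR, LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
        1032,                      # payload offset in 512-byte sectors (constructed)
        16,                        # master key length in bytes (128 bits)
        b"\0" * 20, b"\0" * 32, 1000,
        b"00000000-0000-4000-8000-000000000000",   # placeholder UUID
    )
    slots = [struct.pack(KEYSLOT, SLOT_ACTIVE, 62500, b"\0" * 32, 8, 4000)]
    slots += [struct.pack(KEYSLOT, SLOT_DISABLED, 0, b"\0" * 32, 8 + 128 * i, 4000)
              for i in range(1, 8)]
    return fixed + b"".join(slots)


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(blob):
    """Return the readable fields of a LUKS1 header, or None if the blob
    carries no LUKS1 header (LUKS2 shares the magic but stores its
    metadata as JSON after a different binary header, so it is rejected)."""
    if len(blob) < HEADER_SIZE or blob[:6] != LUKS_MAGIC:
        return None
    (_magic, version, cipher, mode, hashspec, payload_offset, key_bytes,
     _digest, _salt, _digest_iter, uid) = struct.unpack_from(PHDR, blob, 0)
    if version != 1:
        return None
    active = []
    for i in range(8):
        state, _iters, _slot_salt, _km_offset, _stripes = struct.unpack_from(
            KEYSLOT, blob, PHDR_SIZE + i * struct.calcsize(KEYSLOT))
        if state == SLOT_ACTIVE:
            active.append(i)
    return {
        "version": version,
        "cipher": f"{_cstr(cipher)}-{_cstr(mode)}",
        "hash": _cstr(hashspec),
        "key_bits": key_bytes * 8,
        "payload_offset_bytes": payload_offset * 512,
        "uuid": _cstr(uid),
        "active_slots": active,
    }


def probe_type(blob):
    """Mimic the filesystem probe mount relies on: LUKS magic at offset 0
    wins; otherwise look for the ext2/3/4 superblock magic at 1024 + 56."""
    if blob[:6] == LUKS_MAGIC:
        return "crypt_LUKS"      # label reported by the CentOS 5 blkid in the page
    if len(blob) >= 1082 and blob[1080:1082] == EXT_MAGIC:
        return "ext"
    return None


if __name__ == "__main__":
    header = build_sample_header()
    print("probe:", probe_type(header))
    print(parse_luks1_header(header))
```

On a real device the same fields come from `cryptsetup luksDump /dev/loop1`, and the ext3 superblock lives inside the encrypted payload (here 1032 sectors in), which is why it is only visible through /dev/mapper/Encdisk after luksOpen. Newer util-linux blkid prints the label as crypto_LUKS rather than crypt_LUKS.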
======References======
- [[http://wiki.centos.org/zh-tw/HowTos/EncryptedFilesystem|EncryptedFilesystem(CentOS_wiki)]]
- [[http://benjr.tw/node/564|Encrypt Disk]]