https://wiki.bwt.com.de/index.php?action=history&feed=atom&title=Encrypting_An_Existing_PartitionEncrypting An Existing Partition - Revision history2026-05-13T20:46:56ZRevision history for this page on the wikiMediaWiki 1.43.0https://wiki.bwt.com.de/index.php?title=Encrypting_An_Existing_Partition&diff=7&oldid=prevBrainwreckedTech: 1 revision2014-01-06T01:52:15Z<p>1 revision</p>
<p><b>New page</b></p><div>=Prep=<br />
<br />
While sing dd to blank the partition using /dev/zero is usually quick, using dd to fill a drive with random data using the cryptographically-secure /dev/urandom can take a long time. To wit, a Via 1.2GHz C7 7-watt single-core CPU would have taken 6&frac12; days to fill a 500GB drive using /dev/urandom. An AMD 2.8GHz Anthlon II quad-core CPU took 4&frac12; hours. You may wish to move the drive to a faster computer.<br />
<br />
#Comment-out appropriate entries in /etc/fstab<br />
#Shut down the computer the drive originated from.<br />
#Remove the drive.<br />
#Restart the computer the drive came from if you need it.<br />
#Power off the target computer the drive will be temporarily installed to.<br />
#Install the drive in the faster computer.<br />
#Boot into Linux on the faster computer.<br />
#Run <code>sudo fdisk -l</code> to list the partition of all drives.<br />
<br />
Alternatively, you can just leave the drive where it's at and unmount the device.<br />
<br />
sudo umount [mount-point]<br />
<br />
=Wipe=<br />
<br />
Protect against data recovery by blanking the partition.<br><br />
The extra ampersand at the end will allow the process to run in the background and spit out a process ID number.<br />
<br />
sudo dd if=/dev/zero of=/dev/sd[a-z][0-9] bs=1M &<br />
<br />
The bigger the partition, the longer dd takes.<br><br />
If you want to check the progress of the process at any time, issue this command<br />
<br />
sudo kill -USR1 [process-id]<br />
<br />
Protect agains physical hackery by filling the partition with random data.<br><br />
This makes it tougher to tell which parts contain encrypted data and which do not.<br />
<br />
dd if=/dev/urandom of=/dev/sd[a-z][0-9] bs=1M &<br />
<br />
=Crypt & Format=<br />
<br />
Run this command to set up the encrypted partition:<br />
<br />
cryptsetup -y -c aes-cbc-essiv:sha256 luksFormat /dev/sd[a-z][0-9]<br />
<br />
Re-mount the encrypted partition:<br />
<br />
cryptsetup luksOpen /dev/sd[a-z][0-9] [name]<br />
<br />
Format the partition:<br />
<br />
mkfs -t [filesystem] /dev/mapper/[name]<br />
<br />
=Configuation=<br />
<br />
Edit /etc/crypttab and add an entry<br />
<br />
[name] UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks<br />
<br />
Edit /etc/fstab and add an entry<br />
<br />
/dev/mapper/[name] [mount-point] defaults 0 2<br />
<br />
Update the initrd image.<br />
<br />
sudo update-initramfs -u</div>BrainwreckedTech