On 28.06.2006 08:16:02, Dirk Heinrichs wrote: > Am Montag, 26. Juni 2006 08:00 schrieb ext White Raven: > > Is the only way using dd (somethink like dd if=/dev/mapper/_dev_sda5 of= > > /root/sda5 then recreating partition and key with cryptsetup-luks and dd > > backup back after that)? Or is there some easier way, just to modify > > /etc/security/pam_mount.conf and so? > > Don't use the dd method!!! It may work (and in fact, it worked for me > several times) but it may also fail badly. Backup the data, (re-)create the > encrypted partition, copy back the data. Using dd to encrypt data TO luks is tricky, since you have the offset of the LUKS data on the beginning of the partition. So simply using dd like above will _not_ work. You need something like this: http://scavenger.homeip.net/~blindcoder/luks.sh.txt Which works like this: Say this is your harddisk/partition: --------------------------------- | FS | FS | FS | FS | --------------------------------- Your filesystem uses all the available space in there. You need to shrink the filesystem with the appropriate resize tool first (resize2fs, resize_reiserfs). --------------------------------- | FS | FS | FS | Free | --------------------------------- Now you can use the above script. It will move the filesystem by the exact amount of sectors LUKS needs. Let's say for simplicitys sake that one box is the amount of sectors LUKS needs: --------------------------------- | FS1 | FS2 | FS3 | Free | --------------------------------- | |-------| V --------------------------------- | FS1 | FS2 | FS3 | FS3 | --------------------------------- | |-------| V --------------------------------- | FS1 | FS2 | FS2 | FS3 | --------------------------------- | |-------| V --------------------------------- | FS1 | FS1 | FS2 | FS3 | --------------------------------- It will then create the LUKS header in the first "box": --------------------------------- | LUKS | FS1 | FS2 | FS3 | --------------------------------- At last, it will create the LUKS mapper device and encrypt the data. You can then mount it like any other LUKS filesystem. Of course, you should use resize again to make the filesystem fill the entire available space. The tricky thing is moving the filesystem, because you need to start at the end of the filesystem. dd starts at the beginning by which you would overwrite all sectors with the contents of the first one, effectively destroying your precious data. Greetings, Benjamin -- Benjamin 'blindCoder' Schieder Registered Linux User #289529: http://counter.li.org finger blindcoder@xxxxxxxxxxxxxxxxxxxx | gpg --import -- /lusr/bin/brain: received signal: SIGIDIOT
Attachment:
pgpTsqQmhDfdd.pgp
Description: PGP signature
