Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
(A) You can't run luksFormat on a partition that contains a currently mounted filesystem.
(B) luksFormat will destroy the existing filesystem on the partition. The first 1 or 2 megabytes of the filesystem will be overwritten.
There is a separate tool, cryptsetup-reencrypt, that can, under certain conditions, convert and existing unencrypted filesystem to an encrypted one. Read the manpage. Shrinking the existing filesystem slightly to make room for the LUKS header is a requirement. The process is slow, and will not tolerate hardware or kernel failures (You will lose your data unrecoverably.).
WARNING!
========
This will overwrite data on /dev/sda2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-xts-plain64 cipher spec and verify that /dev/sda2 contains at least 508 sectors.
Failed to write to key storage.
Command failed.
>> But it shows aes-xts-plain64 cipher error . do you please tell me why it shows ?
2) After that , I give the same comand without 'aes-xts-plain64' :
WARNING!
========
This will overwrite data on /dev/sda2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-xts-plain64 cipher spec and verify that /dev/sda2 contains at least 508 sectors.
Failed to write to key storage.
Command failed.
>> But it shows aes-xts-plain64 cipher error . do you please tell me why it shows ?
Apparently, your kernel lacks support for aes-xts-plain64.
Quote:
2) After that , I give the same comand without 'aes-xts-plain64' :
WARNING!
========
This will overwrite data on /dev/sda2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
You successfully created a LUKS container, but destroyed the filesystem that was previously in that partition. You were warned about that repeatedly. Hope you have good backups.
Quote:
3) Now I need to mount the /dev/sda2 filesyatem but got the below error :
[root@localhost ~]# mount /dev/sda2
mount: can't find /dev/sda2 in /etc/fstab or /etc/mtab
[root@localhost ~]# mount -a
mount: special device LABEL=/disk1 does not exist
If my encryption is done in right way , then How I can mount this filesystem ?
You can't. There is no filesystem there any more. You should be able to recover part of it from the remains by running "fsck.ext3 /dev/sda2", but a lot will end up in the lost+found directory and some will be unrecoverable.
The proper sequence for doing this is:
Save all of the files from the existing filesystem somewhere else.
Open the LUKS container by running "cryptsetup luksOpen /dev/sda2 some_name".
Create a new filesystem: "mkfs.ext3 -L /disk1 /dev/mapper/some_name".
Mount the filesystem: "mount /disk1".
Restore your data to the filesystem on /disk1.
Arranging for that LUKS container to be handled properly when the system boots can vary across different Linux distributions. You should probably modify the fstab entry to allow booting without that filesystem mounted:
WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
2) [root@localhost ~]# cryptsetup luksOpen /dev/sda3 endisk
Enter LUKS passphrase for /dev/sda3:
key slot 0 unlocked.
Command successful.
3) [root@localhost ~]# mkfs.ext3 -L /disk2 /dev/mapper/endisk
mke2fs 1.39 (29-May-2006)
Filesystem label=/disk2
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
396800 inodes, 792952 blocks
39647 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=813694976
25 block groups
32768 blocks per group, 32768 fragments per group
15872 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
where the UUID matches what is returned by "cryptsetup luksUUID /dev/sda3". Using "none" in the password field will cause a prompt for the password during boot.
Note that RHEL 5.4 is really old (latest version is 5.11), and even 5.11 goes EOL in just a few months and will then be completely unsupported.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.