[[managing_hard_drive_encryption_on_linux]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
managing_hard_drive_encryption_on_linux [2023/09/19 15:36] ac1mdemanaging_hard_drive_encryption_on_linux [2023/10/23 14:42] (current) ac1mde
Line 1: Line 1:
 ====Hard drive encryption on Linux==== ====Hard drive encryption on Linux====
  
-We are required to use hard drive encryption on all devices allocated to members of the department, so that if the device is lost or stolen, the data is inaccessible. Unlike on Windows and Mac, with Linux it is necessary to set a passphrase to decrypt the hard drive on boot-up. We keep list of the passphrases so we can access the hard drive in the event of a problem or the user losing the passphrase.+We are required to use hard drive encryption on all devices allocated to members of the department, so that if the device is lost or stolen, the data is inaccessible. Unlike on Windows and Mac, with Linux it is necessary to set a passphrase to decrypt the hard drive on boot-up. Your Linux PC/laptop will have come with one. The support team also keeps spreadsheet of all the passphrases so we can access the hard drive in the event of a problem or the user losing the passphrase.
  
 These passphrases are randomly generated so are hard to remember. It is possible, however, to add your own passphrase to the drive encryption, so it can be unlocked with something that's easy to remember. It could even be the same passphrase as your DCS login, although re-using passphrases is generally discouraged. These passphrases are randomly generated so are hard to remember. It is possible, however, to add your own passphrase to the drive encryption, so it can be unlocked with something that's easy to remember. It could even be the same passphrase as your DCS login, although re-using passphrases is generally discouraged.
Line 8: Line 8:
  
 <code> <code>
-ac1mde@dcs31652:~$ sudo cat /etc/crypttab+user@computer:~$ sudo cat /etc/crypttab
 nvme0n1p3_crypt UUID=fd11d274-d095-4a29-a5aa-9e06514a18fe none luks,discard nvme0n1p3_crypt UUID=fd11d274-d095-4a29-a5aa-9e06514a18fe none luks,discard
 </code> </code>
  
-The encrypted partition is nvme0n1p3_crypt (//yours will likely be different!//). The device node path associated with this is /dev/nvme0n1p3. This is needed in the next command which allows you to add your own passphrase to the 'crypted partition. Using this example, the command is:+Copy the UUID it shows you and use it in this command:
  
 <code> <code>
-sudo cryptsetup luksAddKey /dev/nvme0n1p3+sudo cryptsetup luksAddKey UUID=fd11d274-d095-4a29-a5aa-9e06514a18fe
 </code> </code>
  
-//Make sure you use your own device instead of the one in the example.//+//Make sure you use your own UUID instead of the one in the example.//
 It will ask for the currently set passphrase, and then you can enter your own that you want to use. To check you can use it, reboot the computer and enter your new passphrase when it asks to unlock the drive. It will ask for the currently set passphrase, and then you can enter your own that you want to use. To check you can use it, reboot the computer and enter your new passphrase when it asks to unlock the drive.
  
 Assuming it works, the final stage is to dispose of any hard copies you may have of the original hard-to-remember passphrase! Assuming it works, the final stage is to dispose of any hard copies you may have of the original hard-to-remember passphrase!
  
managing_hard_drive_encryption_on_linux.1695134215.txt.gz · Last modified: 2023/09/19 15:36 by ac1mde
Show pageOld revisions
Media ManagerBack to top
Public Domain
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0