磁盘的安全加密[阮胜昌]

用LUKS对磁盘进行加密
安装软件：
[root@node201 ~]# yum install cryptsetup

先用fdisk 划分空间，先不要创建文件系统
1.初始化新分区，设置加密密码(加密分区)
[root@node201 ~]# cryptsetup luksFormat /dev/hdc2

WARNING!
========
This will overwrite data on /dev/hdc2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.

2.启用加密的分区(映射分区)
[root@node201 ~]# cryptsetup luksOpen /dev/hdc2 hdc2     hdc2为加密分区的名称     //打开映射
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

[root@node201 ~]# cd /dev/mapper/
[root@node201 mapper]# ls
control  hdc2                               
[root@node201 mapper]# pwd
/dev/mapper                                      //已在mapper下生成了加密分区的名称

3.在加密分区上创建文件系统
[root@node201 mapper]# mkfs -t ext3 /dev/mapper/hdc2

4.创建目录mount点，挂载文件系统
[root@node201 /]# mount /dev/mapper/hdc2 /mnt/hdc2

5.加密分区不使用时，可以锁定加密的卷(关闭映射，先卸载后关闭)
umount /mnt/hdc2
cryptsetup luksClose hdc2                                     //关闭映射

如果直接mount ,则不行;
[root@node201 /]# mount /dev/hdc2 /mnt/hdc2
mount: unknown filesystem type 'crypt_LUKS'