Skip to main content

Encrypting Storage Devices

Hands-On Lab

 

Photo of Ermin Kreponic

Ermin Kreponic

Training Architect

Length

00:30:00

Difficulty

Advanced

In this hands-on lab, we will learn how to encrypt a storage medium, such as a USB stick or SD card. When a storage device is encrypted, no one can access the data on it without the correct key. That way, even if you lose the device, the data on the device will remain secret.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Encrypting Storage Devices

Introduction

In this hands-on lab, we will learn how to encrypt a storage medium, such as a USB stick or SD card. When a storage device is encrypted, no one can access the data on it without the correct key. That way, even if you lose the device, the data on the device will remain secret.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Install the cryptsetup Utility

  1. Run the following command:
    sudo yum install cryptsetup-luks
  2. Enter your cloud_user password at the prompt.

Encrypt and Format the Storage Device

  1. List all of the available storage devices.
    sudo fdisk -l
  2. Locate the device that is approximately 10 GB in size and has no partitions. Copy the device name to your clipboard.
  3. Encrypt and format the device.
    sudo cryptsetup -y -v luksFormat <DEVICE_NAME>
  4. Type YES at the prompt.
  5. Enter a passphrase at the next two prompts.

Configure the Storage Device

  1. Open the device.
    sudo cryptsetup luksOpen <DEVICE_NAME> LA
  2. Enter the device passphrase at the prompt.
  3. Verify that the device is mapped out.
    ll -l /dev/mapper/LA
  4. Check the status of the device.
    sudo cryptsetup -v status LA
  5. Find the header information for the device.
    sudo cryptsetup luksDump <DEVICE_NAME>
  6. Clear the device.
    sudo dd if=/dev/zero of=/dev/mapper/LA bs=128
  7. Create a filesystem on the device.
    sudo mkfs.ext4 /dev/mapper/LA
  8. Create a new directory to serve as the mount point.
    mkdir LA
  9. Mount the filesystem.
    sudo mount /dev/mapper/LA LA/
  10. Change to the LA directory.
    cd LA
  11. List the contents of the LA directory.
    ll -la
  12. Create a test file.
    sudo touch test
  13. List the contents of the LA directory.
    ls

Unmount and Lock the Device

  1. Change to the home directory.
    cd ..
  2. List the mounted drives.
    df -H
  3. Unmount the device.
    sudo umount LA/
  4. Lock the device.
    sudo cryptsetup luksClose LA
  5. Attempt to mount the device again.
    sudo mount /dev/mapper/LA LA/

Conclusion

Congratulations, you've successfully completed this hands-on lab!