I just got an RMA code from ebuyer for my two 1Tb hard disks, so I decided I’d better nuke and encrypt my not-quite-dead-yet drive so that when I send it back, they have no way to recover the data (e.g. read my emails/banking!). The totally-dead drive was already encrypted before it died.

The commands are slightly different on Fedora 10 than on Ubuntu 9, so this is not entirely the same as this post, plus I’m only using a passphrase, not a key. It went something like this:

1. Fill the disk with random data to make sure the unencrypted data is overwritten:

   ```
   dd if=/dev/urandom of=/dev/sdb
   ```

2. Create a new partition table:

   ```
   fdisk /dev/sdb
   ```

3. Encrypt the new partition:

   ```
   cryptsetup luksFormat /dev/sdb1
   ```

4. Open the encrypted partition; this also creates a device mapping:

   ```
   cryptsetup luksOpen /dev/sdb1 data
   ```

5. Create a filesystem on the partition and give it a disk label:

   ```
   mkfs.jfs -L data /dev/mapper/data
   ```

6. Update /etc/crypttab – if you use the same passphrase as the root volume, Fedora will automatically open all LUKS containers that match that passphrase at boot. To find the UUID, look in /dev/disk/by-uuid/:

   ```
   data UUID=123d1c3d-4b5b-4fed-b6a1-c1bbd45bb22b none
   ```

7. Update /etc/fstab, so the filesystem gets mounted at boot:

   ```
   /dev/mapper/data /mnt/data jfs defaults 1 2
   ```
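
Steps 6 and 7 have to agree with each other, or the volume will not be opened or mounted at boot. The check below is an added example, not part of the original post: the function names `check_luks_tabs` and `make_sample` and the sample files are constructed for illustration, and it assumes every `/dev/mapper/*` line in fstab is a LUKS mapping rather than an LVM volume.

```bash
#!/bin/bash
# Added example (not from the original post): sanity-check crypttab/fstab pairs.
# Assumption: every /dev/mapper/* line in fstab is a LUKS mapping (no plain LVM).
# Usage: check_luks_tabs CRYPTTAB FSTAB [UUID_DIR]; findings on stdout, rc 1 if any.
check_luks_tabs() {
    local crypttab="$1" fstab="$2" uuid_dir="${3:-/dev/disk/by-uuid}"
    local names=" " rc=0 name src rest dev mnt uuid
    while read -r name src rest || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        names="$names$name "
        case $src in
            UUID=*)   # stable identifier: confirm the UUID really exists
                uuid=${src#UUID=}
                [ -e "$uuid_dir/$uuid" ] || { echo "MISSING_UUID $name $uuid"; rc=1; }
                ;;
            *)        # /dev/sdX names can move between boots
                echo "UNSTABLE_SOURCE $name $src"; rc=1 ;;
        esac
    done < "$crypttab"
    while read -r dev mnt rest || [ -n "$dev" ]; do
        case $dev in /dev/mapper/*) ;; *) continue ;; esac
        name=${dev#/dev/mapper/}
        case $names in
            *" $name "*) ;;   # fstab mapping has a crypttab entry to open it
            *) echo "NO_CRYPTTAB_ENTRY $name $mnt"; rc=1 ;;
        esac
    done < "$fstab"
    return $rc
}

# Constructed sample files: the lines from steps 6 and 7 plus two broken ones.
make_sample() {
    local d; d=$(mktemp -d)
    mkdir "$d/by-uuid"; : > "$d/by-uuid/123d1c3d-4b5b-4fed-b6a1-c1bbd45bb22b"
    printf '%s\n' 'data UUID=123d1c3d-4b5b-4fed-b6a1-c1bbd45bb22b none' \
        'old /dev/sdc1 none' > "$d/crypttab"
    printf '%s\n' '/dev/mapper/data /mnt/data jfs defaults 1 2' \
        '/dev/mapper/backup /mnt/backup jfs defaults 1 2' > "$d/fstab"
    echo "$d"
}

d=$(make_sample)
check_luks_tabs "$d/crypttab" "$d/fstab" "$d/by-uuid" || echo "fix the lines reported above"
rm -rf "$d"
```

On a real system, call `check_luks_tabs /etc/crypttab /etc/fstab` before rebooting.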

I'm now rsyncing the data back onto the drive from the fileserver; 500Gb is going to take some time even over gigabit…

I've also updated this blog to WordPress [2.8.5](http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/).

I've downloaded [CentOS](http://centos.org/) 5.4 ISOs and am currently upgrading one of my Virtual Machines from 5.3.