I just got an RMA code from ebuyer for my two 1Tb hard disks, so I decided I’d better nuke and encrypt my not-quite-dead-yet drive so when I send it back, they have no way to recover the data (e.g. read my emails/banking!) the totally-dead drive was already encrypted before it died.
The commands are slightly different on Fedora10 than Ubuntu9 so not entirely the same as this post, plus I’m only using a passphrase not a key. It went something like this:
- Fill the disk with random data to make sure the unencrypted data is overwritten:
dd if=/dev/urandom of=/dev/sdb``` 2. Create a new partition table: ```bash fdisk /dev/sdb``` 3. Encrypt the new partition: ```bash cryptsetup luksFormat /dev/sdb1``` 4. Open the encrypted partition, this also creates a device mapping: ```bash cryptsetup luksOpen /dev/sdb1 data``` 5. Create a filesystem on the partition, give it a disk label: ```bash mkfs.jfs -L data /dev/mapper/data``` 6. Update /etc/crypttab – if you use the same passphrase as the root volume, Fedora will automatically open all LUKS containers that match that passphrase at boot. To find the UUID look in /dev/disk/by-uuid/:
data UUID=123d1c3d-4b5b-4fed-b6a1-c1bbd45bb22b none```
- Update /etc/fstab, so the filesystem gets mounted at boot:
/dev/mapper/data /mnt/data jfs defaults 1 2``` I'm now rsycing the data back onto the drive from the fileserver, 500Gb is going to take some time even over gigabit….. I've also updated this blog to WordPress [2.8.5](http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/). I've downloaded [CentOS](http://centos.org/) 5.4 ISO's and am currently upgrading one of my Virtual Machines from 5.3