Kenyon Ralph

Encrypted backup

Documentation on my encrypted backup hard drive.

  1. Hardware
  2. Software
    1. Encryption
      1. Creation
      2. Use
    2. File system
      1. Creation
      2. Disconnecting
  3. References

Hardware

kenyon@einstein ~ % sudo smartctl --all --device=sat /dev/disk/by-id/ata-ST4000LM024-2AN17V_WCK0T8TG
smartctl 6.6 2016-05-31 r4324 [x86_64-linux-4.9.0-3-amd64] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Device Model:     ST4000LM024-2AN17V
Serial Number:    WCK0T8TG
LU WWN Device Id: 5 000c50 0a9957340
Firmware Version: 0001
User Capacity:    4,000,787,030,016 bytes [4.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Rotation Rate:    5526 rpm
Form Factor:      2.5 inches
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   ACS-3 T13/2161-D revision 5
SATA Version is:  SATA 3.1, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is:    Sun Jul 16 13:43:48 2017 PDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

Software

Encryption

Creation

sudo cryptsetup --verbose --verify-passphrase --use-random luksFormat /dev/disk/by-id/ata-ST4000LM024-2AN17V_WCK0T8TG-part1
sudo cryptsetup --verbose open --type luks /dev/disk/by-id/ata-ST4000LM024-2AN17V_WCK0T8TG-part1 bak

Use

Added to /etc/fstab:

/dev/mapper/bak       /bak            btrfs    user,noatime,noauto,x-systemd.automount 0   0

sudo cryptsetup --verbose open --type luks /dev/disk/by-id/ata-ST4000LM024-2AN17V_WCK0T8TG-part1 bak
sudo mount /bak

Add entry to /etc/crypttab:

bak UUID=c54be6ba-9f10-41b3-a95f-6115d6933df9 none luks,noauto

After making the crypttab entry: sudo cryptdisks_start bak && sudo mount /bak

Or: sudo systemctl start /bak

File system

Creation

After sudo cryptsetup --verbose open --type luks /dev/disk/by-id/ata-ST4000LM024-2AN17V_WCK0T8TG-part1 bak, I did sudo mkfs.btrfs --label bak /dev/mapper/bak.

Disconnecting

Before disconnecting the drive from the system, do this: sudo umount /bak && sudo cryptdisks_stop bak

Or: sudo systemctl stop /bak && sudo systemctl stop systemd-cryptsetup@bak

References

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License. Revision History.