I'd like to create a one-time encrypted partition with a random key which will be wiped on reboot. I found a manual about swap encryption, but swap is just a block device which doesn't have any file system on it. I also found full-system encryption, which is unacceptable: I want only one partition. Neither method is my case.
How do I create one? As far as I understand (I'm not a Linux professional) I can't use fstab/crypttab directly because I need to format the partition after creation every time the machine boots up. Some kind of script? Are there any pitfalls?
EDIT: Not sure if the type of encryption (block/filesystem) matters so long as any saved data is encrypted. If the distribution matters: Debian Stretch. TL;DR: I want a clean ext4 partition mounted somewhere after reboot whose data is encrypted with a random key.
Swap is actually very close to what you want — with swap, you put the swap flag in /etc/crypttab, which tells the boot-up scripts to run mkswap on the block device at boot.
You basically want the same thing, but with mkfs instead of mkswap. At least here, that's already supported with the tmp[=fstype] flag. You can check the manual page (man 5 crypttab) to see what's supported on your system.
So, this should work:
some_name /dev/sdaX /dev/urandom cipher=aes-xts-plain64,size=512,tmp=ext4
and then in /etc/fstab, you'd mount /dev/mapper/some_name wherever.
BTW: An alternative is tmpfs, which keeps the data in memory. Probably swapable, though, so you'll need either no swap or encrypted swap.
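Added example (editor's, not part of the answer above): a small POSIX shell script that does by hand what the crypttab tmp=ext4 entry does at boot, so the moving parts and the pitfalls are visible. It assumes the partition is /dev/sdaX, the mapping name is "scratch" and the mount point is /mnt/scratch (all three are placeholders, overridable through the environment); it needs root, cryptsetup and mkfs.ext4. The two helpers that do not touch hardware, crypttab_line and device_is_busy, can be exercised without root.

```shell
#!/bin/sh
# Added example, not the answer's own code: bring up a one-time encrypted
# ext4 partition manually, equivalent to the crypttab "tmp=ext4" entry.
# Assumed names: DEV=/dev/sdaX, NAME=scratch, MNT=/mnt/scratch.
set -eu

DEV="${DEV:-/dev/sdaX}"       # assumption: the partition to wipe and encrypt
NAME="${NAME:-scratch}"       # mapping appears as /dev/mapper/$NAME
MNT="${MNT:-/mnt/scratch}"    # where the fresh ext4 gets mounted

# The /etc/crypttab entry equivalent to what open_ephemeral does manually.
# $1 = mapping name, $2 = device, $3 = filesystem type
crypttab_line() {
    printf '%s %s /dev/urandom cipher=aes-xts-plain64,size=512,tmp=%s\n' "$1" "$2" "$3"
}

# Return 0 if device $1 is currently mounted according to the mounts table
# in $2 (defaults to /proc/mounts). Running mkfs on a live filesystem is
# the main pitfall of reformatting at every boot, so check before doing so.
device_is_busy() {
    grep -q "^$1 " "${2:-/proc/mounts}"
}

open_ephemeral() {
    [ -b "$DEV" ] || { echo "$DEV is not a block device" >&2; exit 1; }
    if device_is_busy "$DEV"; then
        echo "$DEV is mounted; refusing to reformat it" >&2
        exit 1
    fi
    # --type plain: no LUKS header, so nothing key-related is written to disk.
    # --key-file /dev/urandom: 512 bits of fresh key are read once for this
    # mapping and exist only in kernel memory (same as crypttab's size=512).
    cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 512 \
        --key-file /dev/urandom "$DEV" "$NAME"
    # Whatever was on the partition before is unreadable under the new key,
    # so a filesystem has to be created every time before mounting.
    mkfs.ext4 -q "/dev/mapper/$NAME"
    mkdir -p "$MNT"
    mount "/dev/mapper/$NAME" "$MNT"
}

# Closing the mapping discards the key, which makes the on-disk data
# permanently unrecoverable; a reboot has the same effect implicitly.
close_ephemeral() {
    umount "$MNT"
    cryptsetup close "$NAME"
}

case "${1:-}" in
    up)   open_ephemeral ;;
    down) close_ephemeral ;;
    line) crypttab_line "$NAME" "$DEV" ext4 ;;
    *)    echo "usage: $0 up|down|line" >&2 ;;
esac
```

Run it as root with "up" after boot (or from a systemd unit / rc.local) and "down" before shutdown if you want the key gone earlier than reboot; "line" prints the crypttab entry that replaces the whole script once you are happy with it. Nothing in the script writes the key anywhere, which is the property you are after: once the mapping is closed there is no way to get the data back.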