Disposable Encrypted Partition


I'd like to create a one-time encrypted partition with a random key, which will be wiped on reboot. I found a manual about swap encryption, but swap is just a block device which doesn't have any file system on it. I also found full system encryption, which is unacceptable; I want only one partition. Neither method fits my case.

How do I create one? As far as I understand (I'm not a Linux professional), I can't use fstab/crypttab directly because I need to format the partition after creation every time the machine boots up. Some kind of script? Are there any pitfalls?

EDIT: Not sure if the type of encryption (block/filesystem) matters so long as any saved data is encrypted. If the distribution matters: Debian Stretch. TL;DR: I want a clean ext4 partition mounted somewhere after reboot, whose data is encrypted with a random key.


Swap is actually very close to what you want — with swap, you put the swap flag in /etc/crypttab, which tells the boot up scripts to run mkswap on the block device at boot.

You basically want the same thing, but with mkfs instead of mkswap. At least here, that's already supported with the tmp[=fstype] flag. You can check the manual page (man 5 crypttab) to see what's supported on your system.

So, this should work:

some_name /dev/sdaX /dev/urandom cipher=aes-xts-plain64,size=512,tmp=ext4

and then in /etc/fstab, you'd mount /dev/mapper/some_name wherever.

BTW: An alternative is tmpfs, which keeps the data in memory. Probably swappable, though, so you'll need either no swap or encrypted swap.
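
As an added example (not part of the answer above, and not code from cryptsetup): a small Python check for crypttab entries of the kind shown, confirming that an entry uses a random key with a `tmp`/`swap` option and building the matching fstab line. The entries other than `some_name`, the mount point `/mnt/scratch`, and the warning about kernel device names such as `/dev/sdaX` changing between boots are assumptions of this example.

```python
import re

# Constructed sample input: the answer's entry plus two made-up variants.
SAMPLE_CRYPTTAB = """\
# <name> <device> <keyfile> <options>
some_name /dev/sdaX /dev/urandom cipher=aes-xts-plain64,size=512,tmp=ext4
scratch /dev/disk/by-id/ata-EXAMPLE-part3 /dev/urandom cipher=aes-xts-plain64,size=512,tmp=ext4
data /dev/sdb1 /etc/keys/data.key luks
"""

RANDOM_KEYS = {"/dev/urandom", "/dev/random"}
# Kernel-assigned names that are not guaranteed stable across boots.
UNSTABLE_DEV = re.compile(r"^/dev/(sd|hd|vd|nvme|mmcblk)")


def parse_crypttab(text):
    """Yield (name, device, keyfile, options dict) for each entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyfile = fields[2] if len(fields) > 2 else "none"
        opts = {}
        for item in (fields[3].split(",") if len(fields) > 3 else []):
            key, _, value = item.partition("=")
            opts[key] = value
        yield fields[0], fields[1], keyfile, opts


def audit(text):
    """Return {name: [findings]}; an empty list means a sound disposable volume."""
    report = {}
    for name, device, keyfile, opts in parse_crypttab(text):
        reformatted = "tmp" in opts or "swap" in opts
        findings = []
        if keyfile not in RANDOM_KEYS:
            findings.append("persistent key: data survives a reboot")
        if not reformatted:
            findings.append("no tmp/swap option: nothing is formatted at boot")
        if reformatted and UNSTABLE_DEV.match(device):
            findings.append("device name may change: wrong disk could be reformatted")
        report[name] = findings
    return report


def fstab_line(name, mountpoint, opts):
    """fstab entry for a tmp= volume; fsck pass 0 since the fs is new each boot."""
    fstype = opts.get("tmp") or "auto"  # bare 'tmp' leaves the type to the system
    return f"/dev/mapper/{name} {mountpoint} {fstype} defaults 0 0"
```

Because `tmp=` reformats whatever device the entry names on every boot, the device-name finding is the one to act on first.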

