Mount an encrypted partition

2

I was following the following code from "Does anyone know how to encrypt an existing partition in linux while preserving its data":

    $ cryptsetup open /dev/sda sda-crypt --type plain
    $ dd if=/dev/sda of=/dev/mapper/sda-crypt bs=512

But I can't see how to mount this, with the passphrase, from the command line.

jdborg

Posted 2016-03-24T23:46:42.640

Reputation: 123

mount /dev/mapper/sda-crypt /MOUNTPOINT_YOU_WANT? You need partprobe or so if it's partitioned though, and you could end up not being able to close it (except shutting down). It's a caveat of --type plain, or in other words, you shouldn't have done this in a full disk manner (but partition by partition). – Tom Yan – 2016-03-25T05:26:05.200

@TomYan are partition problems a (the?) reason that many distros use LUKS & LVM together? – Xen2050 – 2016-03-25T08:15:29.583

Yeah, IIRC. I think I made a mistake btw. It's not just a caveat of --type plain, but "full disk encryption" in general. Since cryptsetup will not probe the partitions for you after opening the disk, you have to do it manually, and once you use a utility like partprobe (or kpartx as @Xen2050 mentioned in his answer), you cannot "close" the partitions like what you can do to an LVM (AFAIK except from shutting down). – Tom Yan – 2016-03-25T08:35:56.993

Answers

1

If it decrypts correctly to /dev/mapper/sda-crypt, and if it's a single partition, you should be able to just do this (after creating a mountpoint folder):

    mount /dev/mapper/sda-crypt mountpoint

If it's a whole multi-partition disk image, then try kpartx to find & create more /dev/mapper entries for individual partitions.

SYNOPSIS
kpartx [-a | -d | -l] [-v] wholedisk

DESCRIPTION
This tool, derived from util-linux' partx, reads partition tables on specified device and create device maps over partitions segments detected. It is called from hotplug upon device maps creation and deletion.

So, in your example you'd try:

    kpartx -v -a /dev/mapper/sda-crypt

That should create new "devices" for each partition, for example /dev/mapper/sda-cryptp1 and /dev/mapper/sda-cryptp2

Then create a mountpoint (folder) and do

    mount /dev/mapper/sda-cryptp1 mountpoint

And when you're done, you need to unmount (umount) and then remove the devices with the -d "Delete partition mappings" option for kpartx.


I'm not entirely confident that your example of reading from & writing to the same device would even be successful; with other tools in bash, that often results in "erasing" the target. You could check that it's an error-free filesystem using fsck.

Of course, if it did overwrite the drive and failed somehow, there's no way to go back & try it again; you'll have to resort to your backup copy.

Xen2050

Posted 2016-03-24T23:46:42.640

Reputation: 12 097
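
The mount and cleanup steps from the answer above, collected into one script with the teardown in reverse order. This is an added example, not code from the original posts; the MAPPING and MNT defaults, the read-only mount, the blkid signature check and the DRY_RUN switch are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example, not from the original posts.
# Assumptions: MAPPING is already open via `cryptsetup open`; MNT is arbitrary.
# DRY_RUN=1 prints each command instead of running it.
MAPPING=${MAPPING:-sda-crypt}
MNT=${MNT:-/mnt/crypt}

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Plain mode has no header, so a wrong passphrase still produces a mapping,
# just one full of garbage. Require a recognisable signature before mounting.
has_signature() {
    if [ "${DRY_RUN:-0}" = 1 ]; then return 0; fi
    blkid -p "$1" >/dev/null 2>&1
}

# setup [SUFFIX]: SUFFIX is the partition suffix reported by kpartx -v
# (for example p1); leave it empty when the mapping holds one filesystem.
setup() {
    local dev="/dev/mapper/$MAPPING"
    if [ -n "${1:-}" ]; then
        run kpartx -a -v "$dev" || return 1
        dev="$dev$1"
    fi
    if ! has_signature "$dev"; then
        echo "no filesystem signature on $dev; wrong passphrase?" >&2
        if [ -n "${1:-}" ]; then run kpartx -d "/dev/mapper/$MAPPING"; fi
        return 1
    fi
    run mkdir -p "$MNT" && run mount -o ro "$dev" "$MNT"
}

# teardown [SUFFIX]: undo setup in reverse order, innermost layer first.
teardown() {
    run umount "$MNT" || return 1
    if [ -n "${1:-}" ]; then
        run kpartx -d "/dev/mapper/$MAPPING" || return 1
    fi
    run cryptsetup close "$MAPPING"
}

case "${1:-}" in
    setup)    setup "${2:-}" ;;
    teardown) teardown "${2:-}" ;;
esac
```

Run it as root with `setup p1` and later `teardown p1`, or with no suffix when the mapping holds a single filesystem.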