modprobe aes-x86_64 (or aes_i56 for other cpu type) modprobe dm_mod modprobe dm_crypt
You can do this automatically in /etc/rc.local during boot-up.
Test if AES module is running:
cat /proc/crypto
Test if dm_crypt is running:
dmsetup targets
With program cryptsetup you can create, remove, resize a device. To cipher /dev/sdc2 with 256-bit-aes use (be aware that all data on this partition will be lost):
cryptsetup create mysecuredata /dev/sdc2
Afterwards you find the virtual device /dev/mapper/mysecuredata and you can format it with ext2:
mkfs.ext2 /dev/mapper/mysecuredata mount /dev/mapper/mysecuredata /mnt/mysecuredata
To deactivate the device:
umount /mnt/mysecuredata cryptsetup remove mysecuredata
To reactivate the device:
cryptsetup create mysecuredata /dev/sdc2 mount /dev/mapper/mysecuredata /mnt/mysecuredata
With dm-crypt you can also cipher a container or a swap-device.
Container:
dd if=/dev/urandom of=container bs=1024k count=10 losetup /dev/loop4 container cryptsetup -y create container /dev/loop4 mkfs.ext2 /dev/mapper/container mount /dev/mapper/container /mnt/container ... umount ... cryptsetup remove container losetup -d /dev/loop4
SWAP-device:
vim /etc/init.d/mountall.sh
replace swapon -a 2 /dev/null with
cryptsetup -c blowfish -s 64 -d /dev/urandom create swap0 /dev/hda4
mkswap /dev/mapper/swap0
swapon /dev/mapper/swap0
After next boot test the loop device with:
ls -lA /dev/mapper | grep swap0
and if swap device is being used:
cat /proc/swaps /dev/mapper/swap0 ...