13.2 add luks encrypted partion after install

I installed 13.2 on a separate / partition on my existing 13.1 system without bothering to configure a luks encrypted partition during the install. Once everything seemed to be working I went to add the encrypted partition in the partition manager, but found I couldn’t - the only option it gave me was to format the partition. I tried copying the relevant line from the 13.1 fstab to the 13.2 fstab and rebooting, but that didn’t help - the partition is not recognized on 13.2. Do I have to reinstall, this time configuring the partition during installation, or is there an easier way of getting it setup?

You also need to add partition to /etc/crypttab.

Thanks! After copying across /etc/crypttab I get a password box on reboot and the drive is mounted correctly.

I have a related problem. After installing OpenSuSE 13.2 I encrypted a USB stick with:

cryptsetup luksFormat /dev/sda1
cryptsetup luksOpen /dev/sdb1 my_secure_partition
mkfs.ext4 /dev/mapper/my_secure_parttition
mount /dev/mapper/elgar /secret

I am able to access and use the stick with no problem but it seems to be permanently mounted and umount with various mount points including /secret does nothing.
The problem I presume is because a crypttab file has not been created. I have searched everywhere for it.

I have also used cryptsetup luksUUID /dev/sdb1 and the UUID appears in /dev/mapper.

Can someone please tell me how to create /etc/crypttab ?

It is just a simple text file. You can create it with a text editor (as root). The command

man crypttab

should give you the format.

Here’s mine (I deleted all but one line, to keep it simpler):

cr_shared /dev/disk/by-id/ata-SAMSUNG_HD642JJ_S1JNJ90QA04749-part3 none       none

The first field is the symbolic name. I can refer to the virtual device as “/dev/mapper/cr_shared”.

The second field is the actual partition device, best given as a “/dev/disk/by-id” name (I think you can alternatively use a “UUID=” name). The other two fields are different types of options, and “none” is a good value if you don’t know of any needed options.

Thanks Nrickert. as you suggested, I have made an entry in crypttab:
elgar /dev/disk/by-id/usb-_USB_Flash_Memory-0:0-part1 none none

I have also entered in fstab:
elgar /secret ext4 nofail 0 2

I can now run: mount /dev/mapper/elgar /secret and umount /secret successfully but they appear to do nothing because, if I umount, I can still access elgar.or the flash drive. I’m not too bothered because the mounting procedure seems unnecessary. However I should like to know why this is the case. :wink:

From this distance, it is hard to guess.

Other software, such as a file manager, can mount as requested by the user. If you don’t want that, you have to tell the system to forget the encryption key

# cryptsetup luksClose elgar

Thanks for your help. Good thought to close elgar on the other hand I extract the stick when finished working and when I use again it asks for the key. :slight_smile: