I installed 13.2 on a separate / partition on my existing 13.1 system without bothering to configure a luks encrypted partition during the install. Once everything seemed to be working I went to add the encrypted partition in the partition manager, but found I couldn’t - the only option it gave me was to format the partition. I tried copying the relevant line from the 13.1 fstab to the 13.2 fstab and rebooting, but that didn’t help - the partition is not recognized on 13.2. Do I have to reinstall, this time configuring the partition during installation, or is there an easier way of getting it setup?
You also need to add partition to /etc/crypttab.
Thanks! After copying across /etc/crypttab I get a password box on reboot and the drive is mounted correctly.
I have a related problem. After installing OpenSuSE 13.2 I encrypted a USB stick with:
cryptsetup luksFormat /dev/sda1
cryptsetup luksOpen /dev/sdb1 my_secure_partition
mkfs.ext4 /dev/mapper/my_secure_parttition
mount /dev/mapper/elgar /secret
etc.
I am able to access and use the stick with no problem but it seems to be permanently mounted and umount with various mount points including /secret does nothing.
The problem I presume is because a crypttab file has not been created. I have searched everywhere for it.
I have also used cryptsetup luksUUID /dev/sdb1 and the UUID appears in /dev/mapper.
Can someone please tell me how to create /etc/crypttab ?
It is just a simple text file. You can create it with a text editor (as root). The command
man crypttab
should give you the format.
Here’s mine (I deleted all but one line, to keep it simpler):
cr_shared /dev/disk/by-id/ata-SAMSUNG_HD642JJ_S1JNJ90QA04749-part3 none none
The first field is the symbolic name. I can refer to the virtual device as “/dev/mapper/cr_shared”.
The second field is the actual partition device, best given as a “/dev/disk/by-id” name (I think you can alternatively use a “UUID=” name). The other two fields are different types of options, and “none” is a good value if you don’t know of any needed options.
Thanks Nrickert. as you suggested, I have made an entry in crypttab:
elgar /dev/disk/by-id/usb-_USB_Flash_Memory-0:0-part1 none none
I have also entered in fstab:
elgar /secret ext4 nofail 0 2
I can now run: mount /dev/mapper/elgar /secret and umount /secret successfully but they appear to do nothing because, if I umount, I can still access elgar.or the flash drive. I’m not too bothered because the mounting procedure seems unnecessary. However I should like to know why this is the case.
From this distance, it is hard to guess.
Other software, such as a file manager, can mount as requested by the user. If you don’t want that, you have to tell the system to forget the encryption key
# cryptsetup luksClose elgar
Thanks for your help. Good thought to close elgar on the other hand I extract the stick when finished working and when I use again it asks for the key.