Is LUKS/cryptsetup’s `hddname` (or `name`) simply an arbitrary label used during the session

encryptionluks

This is a very simple question about LUKS encryption.

My Fedora 15 system uses LUKS over the root, home and swap LVM partitions. To access these partitions from a boot cd, for example, its necessary to open LUKS with the command,

# cryptsetup luksOpen /dev/<drive> <hddname>

Can this hddname be anything? More specifically, when I look at the output of the command lsblk -a my install has no labels.

Another tutorial listed the hddname as cryptroot, and I've been able to open LUKS with this name. Only I get the impression this is arbitrary.

I'm having trouble with mounting an encrypted LVM partition and I'm confused about the vocabulary 'name space', so to speak, of LUKS and LVM.

Best Answer

You can use any hddname you want, as long as it is not already used.

The cryptsetup manpage says about luksOpen <device> <name>:

opens the LUKS partition <device> and sets up a mapping <name> after successful verification of the supplied key material

You can check currently used mappings with ls -al /dev/mapper/. Additionally, pvdisplay, vgdisplay, and lvdisplay can provide useful information.

Short guide to mount encrypted logical volumes

If you created a logical volume on top of dm-crypt:

cryptsetup luksOpen <encrypted_device> <any_name>
vgchange -ay
mount /dev/mapper/<logical_volume> <mount_target>

Step 2 enables all available logical volumes and may be omitted.

If you used dm-crypt on top of a logical volume:

vgchange -ay
cryptsetup luksOpen <encrypted_logical_volume> <any_name>
mount /dev/mapper/<any_name> <target>

Best Answer

Short guide to mount encrypted logical volumes

Related Solutions

Linux – How to use a keyfile on a removable USB drive for the encrypted root in Debian

Fedora15 – Help me understand how cryptsetup and LVM interact

Related Question