Create Mapping of ProtectApp LUKS Device
Note
From ProtectApp LUKS 8.5.0 onwards, LUKS2 is the default type that supports disk encryption. However, the legacy LUKS1 can be used with cryptsetup command using the option --type luks1.
To create a mapping of the volume, execute the following command. It prompts for a passphrase and creates the mapping. After executing this command, the encrypted device is ready to be mounted/remounted and used.
cryptsetup luksOpen /dev/<disk_name> backup
For Legacy LUKS1, execute the following command:
cryptsetup luksOpen /dev/<disk_name> backup --type luks1
Note
To open the encrypted volume, you need a target (backup in this case). However, target name can be anything based on your requirement.
This command interacts with ProtectApp to retrieve the stored keys to perform luksOpen.
View the Mapping Name
After successful verification of the supplied key material which was created with luksFormat command, run the following command to see a mapping name:
ls -l /dev/mapper/backup
View the Mapping Status
Use the following command to see the status for the mapping:
cryptsetup -v status backup
Format ProtectApp LUKS Partition
To format ProtectApp LUKS partition, write zeros to /dev/mapper/backup encrypted device. This allocates block data with zeros and ensures that outside world sees this as random data i.e. it protects against disclosure of usage patterns.
mkfs.ext4 /dev/mapper/backup
mkdir /backup
mount /dev/mapper/backup /backup
df -H
cd /backup
ls –l
Unmount Partition
To unmount partition and secure data, run the following commands:
cd ..
umount /backup
