![[Tip]](./stylesheet-images/tip.png) | Latest Release Notes on the Web |
|---|---|
These release notes may be updated. Visit http://docs.fedoraproject.org/release-notes/ to view the latest release notes for Fedora. |
Fedora 7 provides basic support for encrypted swap partitions and
non-root file systems. To use it, add entries to
/etc/crypttab and reference the created devices in
/etc/fstab.
![[Note]](./stylesheet-images/note.png) | Encrypted FS Support Unavailable During Install |
|---|---|
Enable file system encryption after installation. Anaconda does not have support for creating encrypted block devices. |
The following example shows an /etc/crypttab entry for
a swap partition:
my_swap /dev/sdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
This creates an encrypted block device
/dev/mapper/my_swap, which can be referenced in
/etc/fstab. The next example shows an entry for a
filesystem volume:
my_volume /dev/sda5 /etc/volume_key cipher=aes-cbc-essiv:sha256
The /etc/volume_key file contains a plaintext
encryption key. You can also specify none as the key
file name, and the system instead asks for the encryption key during
boot.
The recommended method is to use LUKS for file system
volumes: (using LUKS you can drop the
cipher= part in
crypttab).
Create the encrypted volume using
cryptsetup luksFormatAdd the necessary entry to
/etc/crypttabSet up the volume manually using
cryptsetup luksOpenor rebootCreate a filesystem on the encrypted volume
Set up an
/etc/fstabentry