Debian RAID 5 + Encryption

Sun, Mar 13, 2011 One-minute read

This is a little summary about what I did to create an encrypted RAID 5 device on my file server.

First of all I had to install mdadm and cryptsetup.

apt-get install mdadm cryptsetup

The next step is to create the RAID 5, this is an example of my configuration.

mdadm –-create /dev/md0 –-level=5 -–raid-disks=3 /dev/sdb /dev/sdc /dev/sdd

Now it’s time for the encryption, I’ll call my encrypted RAID 5 device raid1 because I will have 2 raids. You can name it as you like.

cryptsetup create -c twofish-cbc-essiv:sha256 raid1 /dev/md0

The filesystem is still missing. (If you have Debian Lenny, you have to use ext4dev for ext4. More information about it here.)

mke2fs -t ext4 /dev/mapper/raid1

That’s all, now mount it.

mount /dev/mapper/raid1 /media/raid1

If you need to close the container, use the following commands (remember, these are my settings, yours may be different).

umount /media/raid1
cryptsetup remove raid1 /dev/md0

You have to recreate the cryptodrive on every reboot. You have to use exact the same password! There is no message like “wrong password”.

I wrote a little shell script to make it easier. Content of

cryptsetup create -c twofish-cbc-essiv:sha256 raid1 /dev/md0
mount /dev/mapper/raid1 /media/raid1

Just to mention, these two German blogs helped me a lot to get started: