Encrypt an external HD an mount it at boot



I’d like to store encrypted data on an external hard drive plugged to a Rapberry pi. For the moment, only my rootfs is crypted and secured via Zymkey.

I found a python script create_zk_crypt_vol which seems to be out of date.

I’d like the encryption key to be the same as the one used to crypt the root fs on the SD card and mount it once the system is booted.

How can I do that?



I managed to do it.:grinning:


Great ! Can you share the python script you used ?



I had a look in Zymbit installation shell scripts to understand and I did via bash command line.

The prerequisite is of course that everything is configured properly and the rootfs is crypted as documented by Zymbit.

I will also assume that a USB Disk in connected to a USB port on the RPI and that it has 1 partition called /dev/sda1.
Also, we will call the crypted device cryptfs

#first you unlock the key
/sbin/zkunlockifs /var/lib/zymbit/key.bin.lock >key.bin

#set the key to partition
cat ./key.bin | cryptsetup -q -v luksFormat /dev/sda1 -

#open the device
cryptsetup luksOpen -q -v --debug /dev/sda1 cryptfs --key-file=$PWD/key.bin

#crypt the partition
mkfs.ext4 -j /dev/mapper/cryptfs

#check it worked
mount /dev/mapper/cryptfs /media