How to backup on removable hard drisk using centos and luks encription

Hardware and software

-----------------------

Centos 6.3 pc with ESATA port and ESATA docking station

create an encription key

Step one. Create a secret Key

------------------------

create a lukskey for encripting. this needs to be done once and the key should be kept on a cd for future encription and decription. Without this key not possible to decript.

Create random key file for encription
dd if=/dev/urandom of=/root/lukskeyfile bs=1024 count=4
take md5sum of /root/lukskeyfile for future verification
md5sum /root/lukskeyfile > /root/lukskeyfile-md5

-------------------------------------------------

Step two. Backup upto 2 TB Portable hard drive (For above 2TB use 64bit encription. Any size hard drive)

-----------------------------------------------------------

1. login as root

2. fdisk -l

3. connect 2TB portable hard drive to ESATA docking station

4. fidsk -l  to get the device location. assuming protable HD is /dev/sdc

5. cat /dev/zero > /dev/sdc   this will format the portable hard drive.  wait couple of hours to finish.

6. create a new partition  fdisk /dev/sdc    enter n,p,1, select full, w, exit

fdisk -l /dev/sdc

7. format and encript /dev/sdc1 for luks use
cryptsetup -y luksFormat /dev/sdc1 /root/lukskeyfile

8.open luks encripted volume and give the volume a name "secretvolume"
cryptsetup --key-file /root/lukskeyfile luksOpen /dev/sdc1 secretvolume
secretvolume is the name for luks volume and should be located in /dev/mapper/secretvolume
cryptsetup luksDump /dev/sdc1
ls /dev/mapper/

9.Format the secret volume for stroring data.
mkfs.etx4 -m 1 /dev/mapper/secretvolume

Create a folder to mount encripted volume
mkdir -p /mnt/encripted/luksbackup
chmod o-rwx -R /mnt/encripted
10. mount /dev/mapper/secretvolume /mnt/encripted/luksbackup

Backup Data

----------------

12.  rsync -avh /home      /mnt/encripted/luksbackup/
or

 rsync -avh -e ssh remote source     /mnt/encripted/luksbackup/

-------------

Removing portable hard drive after backup done

--------------------------------------

13.  unmount ext4 volume
 umount /mnt/encripted/luksbackup
14. unmount luks volume
cryptsetup luksClose /dev/mapper/secretvolume
15.power down hard drive before removing
hdparm -y /dev/sdc
16. label the hard drive and keep in a safe place

17. To do a daily automated backup, use a sytem like dell power edge 720xd (4000$-24 hard drive slote) and prefomat the individual hard drive with luks. save backupdata to different hard drive each day.