How to backup on removable hard drisk using centos and luks encription

Hardware and software


Centos 6.3 pc with ESATA port and ESATA docking station

create an encription key

Step one. Create a secret Key


create a lukskey for encripting. this needs to be done once and the key should be kept on a cd for future encription and decription. Without this key not possible to decript.

Create random key file for encription
dd if=/dev/urandom of=/root/lukskeyfile bs=1024 count=4
take md5sum of /root/lukskeyfile for future verification
md5sum /root/lukskeyfile > /root/lukskeyfile-md5


Step two. Backup upto 2 TB Portable hard drive (For above 2TB use 64bit encription. Any size hard drive)


1. login as root

2. fdisk -l

3. connect 2TB portable hard drive to ESATA docking station

4. fidsk -l  to get the device location. assuming protable HD is /dev/sdc

5. cat /dev/zero > /dev/sdc   this will format the portable hard drive.  wait couple of hours to finish.

6. create a new partition  fdisk /dev/sdc    enter n,p,1, select full, w, exit

fdisk -l /dev/sdc

7. format and encript /dev/sdc1 for luks use
cryptsetup -y luksFormat /dev/sdc1 /root/lukskeyfile luks encripted volume and give the volume a name "secretvolume"
cryptsetup --key-file /root/lukskeyfile luksOpen /dev/sdc1 secretvolume
secretvolume is the name for luks volume and should be located in /dev/mapper/secretvolume
cryptsetup luksDump /dev/sdc1
ls /dev/mapper/

9.Format the secret volume for stroring data.
mkfs.etx4 -m 1 /dev/mapper/secretvolume

Create a folder to mount encripted volume
mkdir -p /mnt/encripted/luksbackup
chmod o-rwx -R /mnt/encripted
10. mount /dev/mapper/secretvolume /mnt/encripted/luksbackup

Backup Data


12.  rsync -avh /home      /mnt/encripted/luksbackup/

 rsync -avh -e ssh remote source     /mnt/encripted/luksbackup/


Removing portable hard drive after backup done


13.  unmount ext4 volume
 umount /mnt/encripted/luksbackup
14. unmount luks volume
cryptsetup luksClose /dev/mapper/secretvolume
15.power down hard drive before removing
hdparm -y /dev/sdc
16. label the hard drive and keep in a safe place

17. To do a daily automated backup, use a sytem like dell power edge 720xd (4000$-24 hard drive slote) and prefomat the individual hard drive with luks. save backupdata to different hard drive each day.