RHEL6 – More on Cryptsetup and Luks — Removing Encryption

Way back in the day — back in March of two thousand-naught-eleven, I added a blog post on how to encrypt a partition using cryptsetup and LUKS on RHEL. Its title, ironically enough, was RHEL, How to Encrypt a Partition Using Cryptsetup and Luks.

Today we are going to talk about how to revert an encrypted partition back to its unencrypted state so that I can use my USB drive normally again.

# cryptsetup status freeagent
/dev/mapper/freeagent is active.
  type:    LUKS1
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/sdd1
  offset:  4096 sectors
  size:    2930267906 sectors
  mode:    read/write

First take note of the device name and the name the dev mapper has given the device. The former is /dev/sdd1 and the latter is /dev/mapper/freeagent.

So first, let's remove the key from the LUKS header. You will be prompted for your LUKS passphrase.

# cryptsetup luksRemoveKey /dev/sdd1
Enter LUKS passphrase to be deleted:

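Then let's remove the /dev/mapper mapping for /dev/sdd1. Once complete, we are free to create a new filesystem on the disk as needed. Note that this does not decrypt the existing data in place; the new filesystem replaces whatever was stored in the encrypted volume.

# cryptsetup remove freeagent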

 


Removing a Virtual Disk from CentOS/RHEL via vSphere Client

When you right-click on a VM in the vSphere client and click Edit Settings, you will see your hard disks enumerated as follows:

Hard disk 1 - Virtual Disk

Hard disk 2 - Virtual Disk

However, CentOS/RHEL enumerates your disks using a different nomenclature. See below:

Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        1044     8385898+  83  Linux
/dev/sda2            1045        2349    10482412+  83  Linux
/dev/sda3            2350        2610     2096482+  82  Linux swap

Disk /dev/sdb: 268.4 GB, 268435456000 bytes
255 heads, 63 sectors/track, 32635 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1       32635   262140606   83  Linux

[[truncated]]

While you can assume that your first disk listed in ESX is your first disk listed via the OS, this is not always the case. You can attempt to compare disk sizes to further determine which disk is which; however, the sizes do not always match up.

The best way to identify disks is via the Virtual Device Node, which is visible in the virtual disk properties in ESX and via the command lsscsi in CentOS/RHEL.

More than likely lsscsi is not installed by default, so you will need to either install it via yum or download an RPM and install it. Once installed, run it as seen below:

>lsscsi
[0:0:0:0]    disk    VMware   Virtual disk     1.0   /dev/sda
[0:0:1:0]    disk    VMware   Virtual disk     1.0   /dev/sdb
[0:0:2:0]    disk    VMware   Virtual disk     1.0   /dev/sdc
[0:0:3:0]    disk    VMware   Virtual disk     1.0   /dev/sdd

The first two numbers are unique to the SCSI controller, and the second two numbers indicate the disk number, which can be seen in the disk properties in the vSphere client.

For example, in VMware Hard disk 4 has a virtual device ID of “SCSI (0:3) Hard Disk 4”, and by running lsscsi I know for sure that this disk is /dev/sdd. Now I can remove the disk from ESX with confidence and not have to worry that I removed the wrong disk.
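
The lookup described above can be scripted so the mapping is checked before a disk is removed. This is an added example, not part of the original post; the function names are hypothetical, and it assumes, as in the page's example, that the vSphere controller number equals the lsscsi host number, the unit number equals the lsscsi target, and channel and LUN are 0.

```shell
#!/bin/sh
# Added example: resolve a vSphere Virtual Device Node such as "SCSI (0:3)"
# to the Linux block device reported by lsscsi.
# Assumption (from the page's example): controller == lsscsi host,
# unit == lsscsi target, channel and LUN are 0.

# node_to_dev NODE  -- reads lsscsi output on stdin, prints the device path.
# Exit status: 0 = exactly one match, 1 = no match, 2 = ambiguous, 64 = bad node.
node_to_dev() {
    # Pull "controller unit" out of strings like "SCSI (0:3) Hard Disk 4" or "0:3".
    node=$(printf '%s' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\):\([0-9][0-9]*\).*$/\1 \2/p')
    [ -n "$node" ] || return 64
    set -- $node
    awk -v ctrl="$1" -v unit="$2" '
        # lsscsi address field looks like [host:channel:target:lun]
        $1 ~ /^\[[0-9]+:[0-9]+:[0-9]+:[0-9]+\]$/ && $2 == "disk" {
            split(substr($1, 2, length($1) - 2), f, ":")
            if (f[1] == ctrl && f[2] == 0 && f[3] == unit && f[4] == 0)
                dev[++n] = $NF
        }
        END {
            if (n == 0) exit 1   # nothing at that address
            if (n > 1)  exit 2   # refuse to guess between several disks
            print dev[1]
        }'
}

# Constructed sample: the lsscsi output shown on this page.
sample_lsscsi() {
    cat <<'EOF'
[0:0:0:0]    disk    VMware   Virtual disk     1.0   /dev/sda
[0:0:1:0]    disk    VMware   Virtual disk     1.0   /dev/sdb
[0:0:2:0]    disk    VMware   Virtual disk     1.0   /dev/sdc
[0:0:3:0]    disk    VMware   Virtual disk     1.0   /dev/sdd
EOF
}

# On a live system: lsscsi | node_to_dev "SCSI (0:3)"
sample_lsscsi | node_to_dev "SCSI (0:3)"    # prints /dev/sdd
```

A non-zero exit status means the node did not resolve to exactly one disk, in which case the disk should not be removed until the mapping is confirmed by hand.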