revlis.nl
Stash of notes about OSS, OSes, virtualization, dev hobby projects &c
November 26, 2016 — 13:04
Linux Disk Encryption using Device Mapper, the cryptsetup frontend and Linux Unified Key Setup (LUKS, the on-disk format).
- dm-crypt:
- https://www.kernel.org/doc/Documentation/device-mapper/dm-crypt.txt
- https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
- dmsetup
- cryptsetup and LUKS:
Setup:
cryptsetup -y -v luksFormat /dev/sdb1
cryptsetup luksOpen /dev/sdb1 foo
cryptsetup status foo -v
Test:
cryptsetup --test-passphrase open /dev/sdb1 # (non-LUKS)
cryptsetup luksOpen --test-passphrase /dev/sdb1
cryptsetup isLuks /dev/sdb1 && echo IMaLUKS
cryptsetup luksDump /dev/sdb1
Change:
(asks for the current passphrase first)
cryptsetup -y luksChangeKey <target device> -S <target key slot number>
cryptsetup -y luksChangeKey /dev/sdb1 -S 1
Or use the GUI, gnome-disks:
- Disks (gnome-disks)
- 1.0TB Hard Disk
- Volumes: “Partition 1 1.0 TB LUKS”
- Cogs/wheels
Add/remove key:
sudo cryptsetup -y luksAddKey ENCRYPTED_PARTITION
sudo cryptsetup luksRemoveKey ENCRYPTED_PARTITION
Various:
dmsetup ls --tree
lsblk
lsblk --fs
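
What `cryptsetup isLuks` and the key-slot part of `luksDump` read from disk, as an added example that is not part of the original notes: a script that checks the LUKS magic and lists the enabled LUKS1 key slots of an image file or header copy, without root. The function names and the sample header are constructed for illustration; the offsets are those of the LUKS1 on-disk format.

```sh
#!/bin/sh
# Added example. LUKS1 header (big-endian): magic "LUKS\xba\xbe" at offset 0,
# version u16 at 6, eight 48-byte key slots from offset 208, each starting
# with a u32 state: 0x00AC71F3 = enabled, 0x0000DEAD = disabled.

# hex_at FILE OFFSET LEN: LEN bytes at OFFSET as a lowercase hex string
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# luks_version FILE: print header version (1 or 2); fail if magic is absent
luks_version() {
    [ "$(hex_at "$1" 0 6)" = "4c554b53babe" ] || return 1
    v=$(hex_at "$1" 6 2)
    [ "${#v}" -eq 4 ] && echo $((0x$v))
}

# luks1_active_slots FILE: print enabled key slot numbers, space separated
luks1_active_slots() {
    [ "$(luks_version "$1")" = "1" ] || return 1
    slot=0 active=""
    while [ "$slot" -lt 8 ]; do
        state=$(hex_at "$1" $((208 + 48 * slot)) 4)
        case "$state" in
            00ac71f3) active="$active $slot" ;;
            0000dead) ;;
            *) echo "slot $slot: unexpected state '$state'" >&2; return 2 ;;
        esac
        slot=$((slot + 1))
    done
    echo "${active# }"
}

# make_sample_header FILE: constructed 592-byte header, slots 0 and 1 enabled
make_sample_header() {
    {
        printf 'LUKS\272\276\000\001'                  # magic + version 1
        dd if=/dev/zero bs=1 count=200 2>/dev/null     # pad to offset 208
        for s in 0 1 2 3 4 5 6 7; do
            case "$s" in
                0|1) printf '\000\254\161\363' ;;      # 0x00AC71F3
                *)   printf '\000\000\336\255' ;;      # 0x0000DEAD
            esac
            dd if=/dev/zero bs=1 count=44 2>/dev/null  # rest of the slot
        done
    } > "$1"
}

# Run against an image or header copy given as the first argument, if any.
if [ -f "${1:-}" ]; then luks1_active_slots "$1"; fi
```

On a live system `cryptsetup luksDump` remains the authoritative view. LUKS2 keeps its key slots in JSON metadata, so the slot check deliberately rejects version 2 headers.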