LUKS: Difference between revisions
(13 intermediate revisions by the same user not shown) | |||
Line 10: | Line 10: | ||
===Encrypting a device=== | ===Encrypting a device=== | ||
<syntaxhighlight lang="bash"> | |||
# Examples | |||
cryptsetup -v | DEVICE=/dev/sda | ||
NAME=arr1 | |||
# Setup encryption | |||
cryptsetup -v luksFormat "${DEVICE}" | |||
# Open encrypted drive to /dev/mapper/$NAME | |||
cryptsetup open "${DEVICE}" "${NAME}" | cryptsetup open "${DEVICE}" "${NAME}" | ||
# Create a partition | |||
mkfs.btrfs /dev/mapper/${NAME} | |||
mkfs. | mount -t btrfs /dev/mapper/${NAME} /media/${NAME} | ||
# Fill the drive to overwrite any existing raw data (optional) | |||
dd if=/dev/zero of=/media/$NAME/file status=progress | |||
</syntaxhighlight> | |||
dd if=/dev/zero of= | |||
</ | |||
===Mounting=== | ===Mounting=== | ||
< | <syntaxhighlight lang="bash"> | ||
# Open the encrypted drive | # Open the encrypted drive | ||
cryptsetup open "${DEVICE}" "${NAME}" | cryptsetup open "${DEVICE}" "${NAME}" | ||
# Mount your partition | # Mount your partition | ||
mount -t | mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}" | ||
</ | </syntaxhighlight> | ||
===Unmounting=== | ===Unmounting=== | ||
< | <syntaxhighlight lang="bash"> | ||
# Unmount your partition | # Unmount your partition | ||
umount "${MOUNT_LOCATION}" | umount "${MOUNT_LOCATION}" | ||
# Close the decrypted drive | # Close the decrypted drive | ||
cryptsetup close ${NAME} | cryptsetup close ${NAME} | ||
</ | </syntaxhighlight> | ||
===Encrpytion Options=== | ===Encrpytion Options=== | ||
Line 56: | Line 50: | ||
* <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options] | * <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options] | ||
** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0 | ** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0 | ||
** <code>luks1</code> is the | ** <code>luks1</code> is the old version of LUKS. | ||
** <code>luks2</code> is | ** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2. | ||
** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing. | ** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing. | ||
** <code>loopaes</code> Avoid this as well. | ** <code>loopaes</code> Avoid this as well. | ||
** <code>tcrypt</code> Use this for mounting older truecrypt volumes. | ** <code>tcrypt</code> Use this for mounting older truecrypt volumes. | ||
* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds | * <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with <code>cryptsetup luksDump <device></code>. | ||
{{ hidden | defaults | | {{ hidden | defaults | | ||
Line 79: | Line 73: | ||
</pre> | </pre> | ||
{{ hidden | Example Output | | {{ hidden | Example Output (i7-12700K) | | ||
<pre> | <pre> | ||
# Tests are approximate using memory only (no storage IO). | # Tests are approximate using memory only (no storage IO). | ||
PBKDF2-sha1 | PBKDF2-sha1 3057072 iterations per second for 256-bit key | ||
PBKDF2-sha256 | PBKDF2-sha256 6452775 iterations per second for 256-bit key | ||
PBKDF2-sha512 | PBKDF2-sha512 2432890 iterations per second for 256-bit key | ||
PBKDF2-ripemd160 | PBKDF2-ripemd160 1289761 iterations per second for 256-bit key | ||
PBKDF2-whirlpool | PBKDF2-whirlpool 1148495 iterations per second for 256-bit key | ||
argon2i | argon2i 13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) | ||
argon2id | argon2id 13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) | ||
# Algorithm | Key | Encryption | Decryption | # Algorithm | Key | Encryption | Decryption | ||
aes-cbc 128b | aes-cbc 128b 1976.6 MiB/s 7781.1 MiB/s | ||
serpent-cbc 128b | serpent-cbc 128b 136.8 MiB/s 993.0 MiB/s | ||
twofish-cbc 128b | twofish-cbc 128b 291.3 MiB/s 646.8 MiB/s | ||
aes-cbc 256b | aes-cbc 256b 1507.6 MiB/s 6406.3 MiB/s | ||
serpent-cbc 256b | serpent-cbc 256b 138.2 MiB/s 984.0 MiB/s | ||
twofish-cbc 256b | twofish-cbc 256b 295.3 MiB/s 647.1 MiB/s | ||
aes-xts 256b | aes-xts 256b 6021.9 MiB/s 5909.9 MiB/s | ||
serpent-xts 256b | serpent-xts 256b 855.7 MiB/s 887.4 MiB/s | ||
twofish-xts 256b | twofish-xts 256b 597.8 MiB/s 608.0 MiB/s | ||
aes-xts 512b | aes-xts 512b 5521.2 MiB/s 5505.7 MiB/s | ||
serpent-xts 512b | serpent-xts 512b 870.2 MiB/s 897.9 MiB/s | ||
twofish-xts 512b | twofish-xts 512b 602.9 MiB/s 607.1 MiB/s | ||
</pre> | </pre> | ||
}} | }} | ||
==Adiantum== | ==Adiantum== | ||
If you're running a device which does not support AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>. | If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>. | ||
Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption. | Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption. | ||
It is included in Linux kernel v5.0. | It is included in Linux kernel v5.0. | ||
Line 119: | Line 113: | ||
;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref> | ;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref> | ||
<pre> | <pre> | ||
cryptsetup benchmark -c xchacha12,aes-adiantum | cryptsetup benchmark -c xchacha12,aes-adiantum | ||
</pre> | </pre> | ||
Line 141: | Line 135: | ||
} | } | ||
mount_luks | mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
}} | }} |
Latest revision as of 14:00, 18 April 2023
LUKS encryption
Getting Started
See Archwiki: dm-crypt/Device encryption.
Install cryptsetup
sudo apt install cryptsetup
Encrypting a device
# Examples
DEVICE=/dev/sda
NAME=arr1
# Setup encryption
cryptsetup -v luksFormat "${DEVICE}"
# Open encrypted drive to /dev/mapper/$NAME
cryptsetup open "${DEVICE}" "${NAME}"
# Create a partition
mkfs.btrfs /dev/mapper/${NAME}
mount -t btrfs /dev/mapper/${NAME} /media/${NAME}
# Fill the drive to overwrite any existing raw data (optional)
dd if=/dev/zero of=/media/$NAME/file status=progress
Mounting
# Open the encrypted drive
cryptsetup open "${DEVICE}" "${NAME}"
# Mount your partition
mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"
Unmounting
# Unmount your partition
umount "${MOUNT_LOCATION}"
# Close the decrypted drive
cryptsetup close ${NAME}
Encrpytion Options
- You can see defaults using
cryptsetup --help
. --type
optionsluks
defaults toluks1
on cryptsetup < 2.1.0,luks2
on cryptsetup >= 2.1.0luks1
is the old version of LUKS.luks2
is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.plain
is dm-crypt plain mode. Avoid this unless you know what you're doing.loopaes
Avoid this as well.tcrypt
Use this for mounting older truecrypt volumes.
--iter-time
dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g.5000
means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key withcryptsetup luksDump <device>
.
defaults
defaults on Ubuntu 18.04
Default compiled-in device cipher parameters: loop-AES: aes, Key 256 bits plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160 LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom
Benchmark
cryptsetup benchmark
Example Output (i7-12700K)
# Tests are approximate using memory only (no storage IO). PBKDF2-sha1 3057072 iterations per second for 256-bit key PBKDF2-sha256 6452775 iterations per second for 256-bit key PBKDF2-sha512 2432890 iterations per second for 256-bit key PBKDF2-ripemd160 1289761 iterations per second for 256-bit key PBKDF2-whirlpool 1148495 iterations per second for 256-bit key argon2i 13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) argon2id 13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) # Algorithm | Key | Encryption | Decryption aes-cbc 128b 1976.6 MiB/s 7781.1 MiB/s serpent-cbc 128b 136.8 MiB/s 993.0 MiB/s twofish-cbc 128b 291.3 MiB/s 646.8 MiB/s aes-cbc 256b 1507.6 MiB/s 6406.3 MiB/s serpent-cbc 256b 138.2 MiB/s 984.0 MiB/s twofish-cbc 256b 295.3 MiB/s 647.1 MiB/s aes-xts 256b 6021.9 MiB/s 5909.9 MiB/s serpent-xts 256b 855.7 MiB/s 887.4 MiB/s twofish-xts 256b 597.8 MiB/s 608.0 MiB/s aes-xts 512b 5521.2 MiB/s 5505.7 MiB/s serpent-xts 512b 870.2 MiB/s 897.9 MiB/s twofish-xts 512b 602.9 MiB/s 607.1 MiB/s
Adiantum
If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum[1].
Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption.
It is included in Linux kernel v5.0.
- Creation
cryptsetup -v --type luks2 --cipher xchacha12,aes-adiantum --sector-size 4096 \ --key-size 256 --hash sha512 --iter-time 5000 --use-urandom \ --verify-passphrase luksFormat <device>
- Benchmark[2]
cryptsetup benchmark -c xchacha12,aes-adiantum
Scripts
mount_drives.sh
#!/bin/bash
function mount_luks {
local fstype=$1
local device=$2
local name=$3
local mountpoint=$4
if [ ! -b /dev/mapper/"$name" ]
then
sudo cryptsetup open "$device" "$name"
fi
sudo mkdir -p "$mountpoint"
sudo mount -t $fstype /dev/mapper/"$name" "$mountpoint"
}
mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
unmount_drives.sh
#!/bin/bash
function unmount_luks {
local name=$1
local mountlocation=$2
sudo umount "$mountlocation" && \
sudo rm -r "$mountlocation"
sudo cryptsetup close "$name"
}
unmount_luks lukscrypt1 /media/lukscrypt1
Resources
References
- ↑ Google Blog: Introducing Adiantum: Encryption for the Next Billion Users https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html
- ↑ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/