LUKS: Difference between revisions

(5 intermediate revisions by the same user not shown)

Line 16:

# Setup encryption

cryptsetup -v --type luks2 -~~-cipher aes-xts-plain64 --key-size 512 --hash sha512 \~~

cryptsetup --type luks2 -v luksFormat "${DEVICE}"

~~--iter-time 5000 --use-urandom --verify-passphrase~~ luksFormat "${DEVICE}"

# Open encrypted drive to /dev/mapper/$NAME

Line 24:

Line 23:

# Create a partition

mkfs.btrfs /dev/mapper/${NAME}

# Create a mountpoint and mount

mkdir -p /media/${NAME}

mount -t btrfs /dev/mapper/${NAME} /media/${NAME}

Line 51:

Line 53:

* <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]

** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0

** <code>luks1</code> is the ~~standard~~ version of LUKS.

** <code>luks1</code> is the old version of LUKS.

** <code>luks2</code> is ~~a new~~ version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.

** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.

** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.

** <code>loopaes</code> Avoid this as well.

Line 114:

Line 116:

;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>

<pre>

cryptsetup benchmark -c xchacha12,aes-adiantum ~~-s 512~~

cryptsetup benchmark -c xchacha12,aes-adiantum

</pre>

@@ Line 16: / Line 16: @@
 # Setup encryption
-cryptsetup -v --type luks2 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
+cryptsetup --type luks2 -v luksFormat "${DEVICE}"
-           --iter-time 5000 --use-urandom --verify-passphrase luksFormat "${DEVICE}"
 # Open encrypted drive to /dev/mapper/$NAME
@@ Line 24: / Line 23: @@
 # Create a partition
 mkfs.btrfs /dev/mapper/${NAME}
+# Create a mountpoint and mount
+mkdir -p /media/${NAME}
 mount -t btrfs /dev/mapper/${NAME} /media/${NAME}
@@ Line 51: / Line 53: @@
 * <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]
 ** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0
-** <code>luks1</code> is the standard version of LUKS.
+** <code>luks1</code> is the old version of LUKS.
-** <code>luks2</code> is a new version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
+** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
 ** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.
 ** <code>loopaes</code> Avoid this as well.
@@ Line 114: / Line 116: @@
 ;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>
 <pre>
-cryptsetup benchmark -c xchacha12,aes-adiantum -s 512
+cryptsetup benchmark -c xchacha12,aes-adiantum
 </pre>