LUKS: Difference between revisions

From David's Wiki
Line 4: Line 4:
See [[Archwiki: dm-crypt/Device encryption]].
See [[Archwiki: dm-crypt/Device encryption]].


===Encrypting a device===
* Setup encryption
<pre>
<pre>
cryptsetup -v --type luks --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
cryptsetup -v --type luks --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
           --iter-time 3000 --use-urandom --verify-passphrase luksFormat <device>
           --iter-time 3000 --use-urandom --verify-passphrase luksFormat <device>
</pre>
* Open encrypted drive
<pre>
cryptsetup open <device> <name>
</pre>
* Create a partition
<pre>
mkfs.fstype /dev/mapper/<name>
# E.g.
# mkfs.ext4 /dev/mapper/luksdrive1
</pre>
===Mounting===
<pre>
cryptsetup open <device> <name>
mount -t <fstype> /dev/mapper/<name> <mountlocation>
</pre>
===Unmounting===
<pre>
umount <mountlocation>
cryptsetup close <name>
</pre>
</pre>


==Resources==
==Resources==
* [https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/ nixCraft How To Linux Hard Disk Encryption With LUKS]
* [https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/ nixCraft How To Linux Hard Disk Encryption With LUKS]

Revision as of 02:50, 26 July 2020

LUKS encryption

Getting Started

See Archwiki: dm-crypt/Device encryption.

Encrypting a device

  • Setup encryption
cryptsetup -v --type luks --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
           --iter-time 3000 --use-urandom --verify-passphrase luksFormat <device>
  • Open encrypted drive
cryptsetup open <device> <name>
  • Create a partition
mkfs.fstype /dev/mapper/<name>
# E.g.
# mkfs.ext4 /dev/mapper/luksdrive1

Mounting

cryptsetup open <device> <name>
mount -t <fstype> /dev/mapper/<name> <mountlocation>

Unmounting

umount <mountlocation>
cryptsetup close <name>

Resources