5,295
edits
LUKS: Difference between revisions
→Encrypting a device
| Line 7: | Line 7: | ||
* Setup encryption | * Setup encryption | ||
<pre> | <pre> | ||
cryptsetup -v --type | cryptsetup -v --type luks1 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \ | ||
--iter-time 3000 --use-urandom --verify-passphrase luksFormat <device> | --iter-time 3000 --use-urandom --verify-passphrase luksFormat <device> | ||
</pre> | </pre> | ||
| Line 33: | Line 33: | ||
;Notes | ;Notes | ||
* You can see defaults using <code>cryptsetup --help</code>. | * You can see defaults using <code>cryptsetup --help</code>. | ||
* <code>--type</code> | * <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options] | ||
** | ** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0 | ||
** <code>luks1</code> is the standard version of LUKS. | |||
** <code>luks2</code> is a new version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2. | |||
** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing. | |||
** <code>loopaes</code> Avoid this as well. | |||
** <code>tcrypt</code> Use this for mounting older truecrypt volumes. | |||
{{ hidden | defaults | | {{ hidden | defaults | | ||