LUKS: Difference between revisions

From David's Wiki
 
(23 intermediate revisions by the same user not shown)
Line 4: Line 4:
See [[Archwiki: dm-crypt/Device encryption]].
See [[Archwiki: dm-crypt/Device encryption]].


===Encrypting a device===
===Install cryptsetup===
* Setup encryption
<pre>
<pre>
cryptsetup -v --type luks1 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
sudo apt install cryptsetup
          --iter-time 5000 --use-urandom --verify-passphrase luksFormat <device>
</pre>
</pre>


* Open encrypted drive
===Encrypting a device===
<pre>
<syntaxhighlight lang="bash">
cryptsetup open <device> <name>
# Examples
</pre>
DEVICE=/dev/sda
NAME=arr1
 
# Setup encryption
cryptsetup -v luksFormat "${DEVICE}"
 
# Open encrypted drive to /dev/mapper/$NAME
cryptsetup open "${DEVICE}" "${NAME}"
 
# Create a partition
mkfs.btrfs /dev/mapper/${NAME}
mount -t btrfs /dev/mapper/${NAME} /media/${NAME}
 
# Fill the drive to overwrite any existing raw data (optional)
dd if=/dev/zero of=/media/$NAME/file status=progress
</syntaxhighlight>


* Create a partition
===Mounting===
<pre>
<syntaxhighlight lang="bash">
mkfs.fstype /dev/mapper/<name>
# Open the encrypted drive
# E.g.
cryptsetup open "${DEVICE}" "${NAME}"
# mkfs.ext4 /dev/mapper/luksdrive1
# Mount your partition
</pre>
mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"
</syntaxhighlight>


* Securely wipe the unused portion of the drive
===Unmounting===
** Do this to prevent cryptographic attacks and to overwrite existing data on the drive
<syntaxhighlight lang="bash">
<pre>
# Unmount your partition
dd if=/dev/zero of=<file_somewhere> status=progress
umount "${MOUNT_LOCATION}"
# Delete the file afterwards
# Close the decrypted drive
</pre>
cryptsetup close ${NAME}
</syntaxhighlight>


===Encrpytion Options===


;Notes
* You can see defaults using <code>cryptsetup --help</code>.
* You can see defaults using <code>cryptsetup --help</code>.
* <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]
* <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]
** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0
** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0
** <code>luks1</code> is the standard version of LUKS.
** <code>luks1</code> is the old version of LUKS.
** <code>luks2</code> is a new version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.
** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.
** <code>loopaes</code> Avoid this as well.
** <code>loopaes</code> Avoid this as well.
** <code>tcrypt</code> Use this for mounting older truecrypt volumes.
** <code>tcrypt</code> Use this for mounting older truecrypt volumes.
* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with <code>cryptsetup luksDump &lt;device&gt;</code>.


{{ hidden | defaults |
{{ hidden | defaults |
Line 51: Line 68:
}}
}}


===Mounting===
==Benchmark==
<pre>
cryptsetup benchmark
</pre>
 
{{ hidden | Example Output (i7-12700K) |
<pre>
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      3057072 iterations per second for 256-bit key
PBKDF2-sha256    6452775 iterations per second for 256-bit key
PBKDF2-sha512    2432890 iterations per second for 256-bit key
PBKDF2-ripemd160 1289761 iterations per second for 256-bit key
PBKDF2-whirlpool 1148495 iterations per second for 256-bit key
argon2i      13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id    13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#    Algorithm |      Key |      Encryption |      Decryption
        aes-cbc        128b      1976.6 MiB/s      7781.1 MiB/s
    serpent-cbc        128b      136.8 MiB/s      993.0 MiB/s
    twofish-cbc        128b      291.3 MiB/s      646.8 MiB/s
        aes-cbc        256b      1507.6 MiB/s      6406.3 MiB/s
    serpent-cbc        256b      138.2 MiB/s      984.0 MiB/s
    twofish-cbc        256b      295.3 MiB/s      647.1 MiB/s
        aes-xts        256b      6021.9 MiB/s      5909.9 MiB/s
    serpent-xts        256b      855.7 MiB/s      887.4 MiB/s
    twofish-xts        256b      597.8 MiB/s      608.0 MiB/s
        aes-xts        512b      5521.2 MiB/s      5505.7 MiB/s
    serpent-xts        512b      870.2 MiB/s      897.9 MiB/s
    twofish-xts        512b      602.9 MiB/s      607.1 MiB/s
</pre>
}}
 
==Adiantum==
If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>. 
Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption.
It is included in Linux kernel v5.0.
 
;Creation
<pre>
<pre>
# Open the encrypted drive
cryptsetup -v --type luks2 --cipher xchacha12,aes-adiantum --sector-size 4096 \
cryptsetup open <device> <name>
          --key-size 256 --hash sha512 --iter-time 5000 --use-urandom \
# Mount your partition
          --verify-passphrase luksFormat <device>
mount -t <fstype> /dev/mapper/<name> <mountlocation>
</pre>
</pre>


===Unmounting===
;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>
<pre>
<pre>
# Unmount your partition
cryptsetup benchmark -c xchacha12,aes-adiantum
umount <mountlocation>
# Close the decrypted drive
cryptsetup close <name>
</pre>
</pre>


Line 86: Line 135:
}
}


mount_luks ext4 /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
</syntaxhighlight>
</syntaxhighlight>
}}
}}
Line 97: Line 146:
     local name=$1
     local name=$1
     local mountlocation=$2
     local mountlocation=$2
     sudo umount "$mountlocation"
     sudo umount "$mountlocation" && \
    sudo rm -r "$mountlocation"
     sudo cryptsetup close "$name"
     sudo cryptsetup close "$name"
    sudo rm -r "$mountlocation"
}
}


unmount_luks lukscrypt1 /media/lukscrypt1
unmount_luks lukscrypt1 /media/lukscrypt1
</syntaxhighlight>
</syntaxhighlight>
}}


==Resources==
==Resources==
* [https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/ nixCraft How To Linux Hard Disk Encryption With LUKS]
* [https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/ nixCraft How To Linux Hard Disk Encryption With LUKS]
==References==

Latest revision as of 14:00, 18 April 2023

LUKS encryption

Getting Started

See Archwiki: dm-crypt/Device encryption.

Install cryptsetup

sudo apt install cryptsetup

Encrypting a device

# Examples
DEVICE=/dev/sda
NAME=arr1

# Setup encryption
cryptsetup -v luksFormat "${DEVICE}"

# Open encrypted drive to /dev/mapper/$NAME
cryptsetup open "${DEVICE}" "${NAME}"

# Create a partition
mkfs.btrfs /dev/mapper/${NAME}
mount -t btrfs /dev/mapper/${NAME} /media/${NAME}

# Fill the drive to overwrite any existing raw data (optional)
dd if=/dev/zero of=/media/$NAME/file status=progress

Mounting

# Open the encrypted drive
cryptsetup open "${DEVICE}" "${NAME}"
# Mount your partition
mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"

Unmounting

# Unmount your partition
umount "${MOUNT_LOCATION}"
# Close the decrypted drive
cryptsetup close ${NAME}

Encrpytion Options

  • You can see defaults using cryptsetup --help.
  • --type options
    • luks defaults to luks1 on cryptsetup < 2.1.0, luks2 on cryptsetup >= 2.1.0
    • luks1 is the old version of LUKS.
    • luks2 is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
    • plain is dm-crypt plain mode. Avoid this unless you know what you're doing.
    • loopaes Avoid this as well.
    • tcrypt Use this for mounting older truecrypt volumes.
  • --iter-time dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. 5000 means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with cryptsetup luksDump <device>.
defaults

defaults on Ubuntu 18.04 

Default compiled-in device cipher parameters:
	loop-AES: aes, Key 256 bits
	plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
	LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom

Benchmark

cryptsetup benchmark
Example Output (i7-12700K)
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      3057072 iterations per second for 256-bit key
PBKDF2-sha256    6452775 iterations per second for 256-bit key
PBKDF2-sha512    2432890 iterations per second for 256-bit key
PBKDF2-ripemd160 1289761 iterations per second for 256-bit key
PBKDF2-whirlpool 1148495 iterations per second for 256-bit key
argon2i      13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id     13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b      1976.6 MiB/s      7781.1 MiB/s
    serpent-cbc        128b       136.8 MiB/s       993.0 MiB/s
    twofish-cbc        128b       291.3 MiB/s       646.8 MiB/s
        aes-cbc        256b      1507.6 MiB/s      6406.3 MiB/s
    serpent-cbc        256b       138.2 MiB/s       984.0 MiB/s
    twofish-cbc        256b       295.3 MiB/s       647.1 MiB/s
        aes-xts        256b      6021.9 MiB/s      5909.9 MiB/s
    serpent-xts        256b       855.7 MiB/s       887.4 MiB/s
    twofish-xts        256b       597.8 MiB/s       608.0 MiB/s
        aes-xts        512b      5521.2 MiB/s      5505.7 MiB/s
    serpent-xts        512b       870.2 MiB/s       897.9 MiB/s
    twofish-xts        512b       602.9 MiB/s       607.1 MiB/s

Adiantum

If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum[1].
Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption. It is included in Linux kernel v5.0.

Creation
cryptsetup -v --type luks2 --cipher xchacha12,aes-adiantum --sector-size 4096 \
           --key-size 256 --hash sha512 --iter-time 5000 --use-urandom \
           --verify-passphrase luksFormat <device>
Benchmark[2]
cryptsetup benchmark -c xchacha12,aes-adiantum

Scripts

mount_drives.sh
#!/bin/bash

function mount_luks {
    local fstype=$1
    local device=$2
    local name=$3
    local mountpoint=$4
    if [ ! -b /dev/mapper/"$name" ]
    then
        sudo cryptsetup open "$device" "$name"
    fi
    sudo mkdir -p "$mountpoint"
    sudo mount -t $fstype /dev/mapper/"$name" "$mountpoint"
}

mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
unmount_drives.sh
#!/bin/bash

function unmount_luks {
    local name=$1
    local mountlocation=$2
    sudo umount "$mountlocation" && \
    sudo rm -r "$mountlocation"
    sudo cryptsetup close "$name"
}

unmount_luks lukscrypt1 /media/lukscrypt1

Resources

References

  1. Google Blog: Introducing Adiantum: Encryption for the Next Billion Users https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html
  2. https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/
Retrieved from "https://wiki.davidl.me/index.php?title=LUKS&oldid=6604"