LUKS: Difference between revisions

From David's Wiki
 
(15 intermediate revisions by the same user not shown)
Line 10: Line 10:


===Encrypting a device===
===Encrypting a device===
* Setup encryption
<syntaxhighlight lang="bash">
<pre>
# Examples
cryptsetup -v --type luks1 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
DEVICE=/dev/sda
          --iter-time 5000 --use-urandom --verify-passphrase luksFormat "${DEVICE}"
NAME=arr1
</pre>
 
# Setup encryption
cryptsetup -v luksFormat "${DEVICE}"


* Open encrypted drive
# Open encrypted drive to /dev/mapper/$NAME
<pre>
cryptsetup open "${DEVICE}" "${NAME}"
cryptsetup open "${DEVICE}" "${NAME}"
</pre>


* Create a partition
# Create a partition
<pre>
mkfs.btrfs /dev/mapper/${NAME}
mkfs.fstype "/dev/mapper/${NAME}"
mount -t btrfs /dev/mapper/${NAME} /media/${NAME}
# E.g.
# mkfs.ext4 /dev/mapper/luksdrive1
</pre>


* Securely wipe the unused portion of the drive
# Fill the drive to overwrite any existing raw data (optional)
** Do this to prevent cryptographic attacks and to overwrite existing data on the drive
dd if=/dev/zero of=/media/$NAME/file status=progress
<pre>
</syntaxhighlight>
dd if=/dev/zero of=<file_somewhere> status=progress
# Delete the file afterwards
</pre>


===Mounting===
===Mounting===
<pre>
<syntaxhighlight lang="bash">
# Open the encrypted drive
# Open the encrypted drive
cryptsetup open "${DEVICE}" "${NAME}"
cryptsetup open "${DEVICE}" "${NAME}"
# Mount your partition
# Mount your partition
mount -t ext4 /dev/mapper/${NAME} "${MOUNT_LOCATION}"
mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"
</pre>
</syntaxhighlight>


===Unmounting===
===Unmounting===
<pre>
<syntaxhighlight lang="bash">
# Unmount your partition
# Unmount your partition
umount "${MOUNT_LOCATION}"
umount "${MOUNT_LOCATION}"
# Close the decrypted drive
# Close the decrypted drive
cryptsetup close ${NAME}
cryptsetup close ${NAME}
</pre>
</syntaxhighlight>


===Encrpytion Options===
===Encrpytion Options===
Line 56: Line 50:
* <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]
* <code>--type</code> [https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt options]
** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0
** <code>luks</code> defaults to <code>luks1</code> on cryptsetup < 2.1.0, <code>luks2</code> on cryptsetup >= 2.1.0
** <code>luks1</code> is the standard version of LUKS.
** <code>luks1</code> is the old version of LUKS.
** <code>luks2</code> is a new version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
** <code>luks2</code> is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.
** <code>plain</code> is dm-crypt plain mode. Avoid this unless you know what you're doing.
** <code>loopaes</code> Avoid this as well.
** <code>loopaes</code> Avoid this as well.
** <code>tcrypt</code> Use this for mounting older truecrypt volumes.
** <code>tcrypt</code> Use this for mounting older truecrypt volumes.


* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds and use that many iterations. You can see the number of iterations for each key with <code>cryptsetup luksDump &lt;device&gt;</code>.
* <code>--iter-time</code> dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. <code>5000</code> means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with <code>cryptsetup luksDump &lt;device&gt;</code>.


{{ hidden | defaults |
{{ hidden | defaults |
Line 79: Line 73:
</pre>
</pre>


{{ hidden | Example Output |
{{ hidden | Example Output (i7-12700K) |
<pre>
<pre>
# Tests are approximate using memory only (no storage IO).
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      1213629 iterations per second for 256-bit key
PBKDF2-sha1      3057072 iterations per second for 256-bit key
PBKDF2-sha256    1524093 iterations per second for 256-bit key
PBKDF2-sha256    6452775 iterations per second for 256-bit key
PBKDF2-sha512    1082121 iterations per second for 256-bit key
PBKDF2-sha512    2432890 iterations per second for 256-bit key
PBKDF2-ripemd160 648069 iterations per second for 256-bit key
PBKDF2-ripemd160 1289761 iterations per second for 256-bit key
PBKDF2-whirlpool 421453 iterations per second for 256-bit key
PBKDF2-whirlpool 1148495 iterations per second for 256-bit key
argon2i       4 iterations, 875179 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2i     13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id     4 iterations, 889195 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id     13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#    Algorithm |      Key |      Encryption |      Decryption
#    Algorithm |      Key |      Encryption |      Decryption
         aes-cbc        128b       542.7 MiB/s      2192.7 MiB/s
         aes-cbc        128b     1976.6 MiB/s      7781.1 MiB/s
     serpent-cbc        128b       67.3 MiB/s      459.9 MiB/s
     serpent-cbc        128b       136.8 MiB/s      993.0 MiB/s
     twofish-cbc        128b      140.6 MiB/s      285.8 MiB/s
     twofish-cbc        128b      291.3 MiB/s      646.8 MiB/s
         aes-cbc        256b       405.3 MiB/s      1701.8 MiB/s
         aes-cbc        256b     1507.6 MiB/s      6406.3 MiB/s
     serpent-cbc        256b       71.6 MiB/s      459.5 MiB/s
     serpent-cbc        256b       138.2 MiB/s      984.0 MiB/s
     twofish-cbc        256b      146.6 MiB/s      287.1 MiB/s
     twofish-cbc        256b      295.3 MiB/s      647.1 MiB/s
         aes-xts        256b      1421.6 MiB/s      1449.2 MiB/s
         aes-xts        256b      6021.9 MiB/s      5909.9 MiB/s
     serpent-xts        256b      455.9 MiB/s      444.0 MiB/s
     serpent-xts        256b      855.7 MiB/s      887.4 MiB/s
     twofish-xts        256b      284.2 MiB/s      286.3 MiB/s
     twofish-xts        256b      597.8 MiB/s      608.0 MiB/s
         aes-xts        512b      1187.2 MiB/s      1177.9 MiB/s
         aes-xts        512b      5521.2 MiB/s      5505.7 MiB/s
     serpent-xts        512b      454.7 MiB/s      446.1 MiB/s
     serpent-xts        512b      870.2 MiB/s      897.9 MiB/s
     twofish-xts        512b      284.9 MiB/s      286.5 MiB/s
     twofish-xts        512b      602.9 MiB/s      607.1 MiB/s
</pre>
</pre>
}}
}}


==Adiantum==
==Adiantum==
If you're running a device which does not support AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.   
If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum<ref name="adiantum">Google Blog: Introducing Adiantum: Encryption for the Next Billion Users [https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html]</ref>.   
Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption.
Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption.
It is included in Linux kernel v5.0.
It is included in Linux kernel v5.0.
Line 119: Line 113:
;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>
;Benchmark<ref>[https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/ https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/]</ref>
<pre>
<pre>
cryptsetup benchmark -c xchacha12,aes-adiantum -s 512
cryptsetup benchmark -c xchacha12,aes-adiantum
</pre>
</pre>


Line 141: Line 135:
}
}


mount_luks ext4 /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
</syntaxhighlight>
</syntaxhighlight>
}}
}}

Latest revision as of 14:00, 18 April 2023

LUKS encryption

Getting Started

See Archwiki: dm-crypt/Device encryption.

Install cryptsetup

sudo apt install cryptsetup

Encrypting a device

# Examples
DEVICE=/dev/sda
NAME=arr1

# Setup encryption
cryptsetup -v luksFormat "${DEVICE}"

# Open encrypted drive to /dev/mapper/$NAME
cryptsetup open "${DEVICE}" "${NAME}"

# Create a partition
mkfs.btrfs /dev/mapper/${NAME}
mount -t btrfs /dev/mapper/${NAME} /media/${NAME}

# Fill the drive to overwrite any existing raw data (optional)
dd if=/dev/zero of=/media/$NAME/file status=progress

Mounting

# Open the encrypted drive
cryptsetup open "${DEVICE}" "${NAME}"
# Mount your partition
mount -t btrfs /dev/mapper/${NAME} "${MOUNT_LOCATION}"

Unmounting

# Unmount your partition
umount "${MOUNT_LOCATION}"
# Close the decrypted drive
cryptsetup close ${NAME}

Encrpytion Options

  • You can see defaults using cryptsetup --help.
  • --type options
    • luks defaults to luks1 on cryptsetup < 2.1.0, luks2 on cryptsetup >= 2.1.0
    • luks1 is the old version of LUKS.
    • luks2 is the current version released in Dec 2017. Older versions of Grub (before 2.06 or June 2020) do not support booting from LUKS2.
    • plain is dm-crypt plain mode. Avoid this unless you know what you're doing.
    • loopaes Avoid this as well.
    • tcrypt Use this for mounting older truecrypt volumes.
  • --iter-time dynamically determines the number of iterations used to hash your password. The number of iterations is determined when creating the luks key. E.g. 5000 means hash for 5 seconds worth of iterations on your particular CPU. You can see the number of iterations for each key with cryptsetup luksDump <device>.
defaults

defaults on Ubuntu 18.04 

Default compiled-in device cipher parameters:
	loop-AES: aes, Key 256 bits
	plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
	LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom

Benchmark

cryptsetup benchmark
Example Output (i7-12700K)
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      3057072 iterations per second for 256-bit key
PBKDF2-sha256    6452775 iterations per second for 256-bit key
PBKDF2-sha512    2432890 iterations per second for 256-bit key
PBKDF2-ripemd160 1289761 iterations per second for 256-bit key
PBKDF2-whirlpool 1148495 iterations per second for 256-bit key
argon2i      13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id     13 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b      1976.6 MiB/s      7781.1 MiB/s
    serpent-cbc        128b       136.8 MiB/s       993.0 MiB/s
    twofish-cbc        128b       291.3 MiB/s       646.8 MiB/s
        aes-cbc        256b      1507.6 MiB/s      6406.3 MiB/s
    serpent-cbc        256b       138.2 MiB/s       984.0 MiB/s
    twofish-cbc        256b       295.3 MiB/s       647.1 MiB/s
        aes-xts        256b      6021.9 MiB/s      5909.9 MiB/s
    serpent-xts        256b       855.7 MiB/s       887.4 MiB/s
    twofish-xts        256b       597.8 MiB/s       608.0 MiB/s
        aes-xts        512b      5521.2 MiB/s      5505.7 MiB/s
    serpent-xts        512b       870.2 MiB/s       897.9 MiB/s
    twofish-xts        512b       602.9 MiB/s       607.1 MiB/s

Adiantum

If you're running a device which does not support hardware accelerated AES instructions (e.g. Raspberry Pi), you may be interested in Adiantum[1].
Adiantum is an encryption mode by Google which uses ChaCha12 for block encryption. It is included in Linux kernel v5.0.

Creation
cryptsetup -v --type luks2 --cipher xchacha12,aes-adiantum --sector-size 4096 \
           --key-size 256 --hash sha512 --iter-time 5000 --use-urandom \
           --verify-passphrase luksFormat <device>
Benchmark[2]
cryptsetup benchmark -c xchacha12,aes-adiantum

Scripts

mount_drives.sh
#!/bin/bash

function mount_luks {
    local fstype=$1
    local device=$2
    local name=$3
    local mountpoint=$4
    if [ ! -b /dev/mapper/"$name" ]
    then
        sudo cryptsetup open "$device" "$name"
    fi
    sudo mkdir -p "$mountpoint"
    sudo mount -t $fstype /dev/mapper/"$name" "$mountpoint"
}

mount_luks btrfs /dev/disk/by-id/<drive> lukscrypt1 /media/lukscrypt1
unmount_drives.sh
#!/bin/bash

function unmount_luks {
    local name=$1
    local mountlocation=$2
    sudo umount "$mountlocation" && \
    sudo rm -r "$mountlocation"
    sudo cryptsetup close "$name"
}

unmount_luks lukscrypt1 /media/lukscrypt1

Resources

References

  1. Google Blog: Introducing Adiantum: Encryption for the Next Billion Users https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html
  2. https://www.reddit.com/r/crypto/comments/b3we04/aesadiantum_new_mode_in_linux_kernel_5/
Retrieved from "https://wiki.davidl.me/index.php?title=LUKS&oldid=6604"