David's Wiki

LUKS: Difference between revisions

Page Discussion

LUKS (view source)

Revision as of 18:34, 15 January 2023

5 bytes added ,  15 January 2023
→‎Encrypting a device
Line 10: Line 10:


===Encrypting a device===
===Encrypting a device===
* Setup encryption
<syntaxhighlight lang="bash">
<pre>
# Examples
DEVICE=/dev/sda
NAME=arr1
 
# Setup encryption
cryptsetup -v --type luks2 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
cryptsetup -v --type luks2 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
           --iter-time 5000 --use-urandom --verify-passphrase luksFormat "${DEVICE}"
           --iter-time 5000 --use-urandom --verify-passphrase luksFormat "${DEVICE}"
</pre>


* Open encrypted drive
# Open encrypted drive to /dev/mapper/$NAME
<pre>
cryptsetup open "${DEVICE}" "${NAME}"
cryptsetup open "${DEVICE}" "${NAME}"
</pre>


* Create a partition
# Create a partition
<pre>
mkfs.btrfs /dev/mapper/${NAME}
mkfs.btrfs /dev/mapper/${NAME}
</pre>
mount -t btrfs /dev/mapper/${NAME} /media/${NAME}


* Securely wipe the unused portion of the drive
# Fill the drive to overwrite any existing raw data (optional)
** Do this to prevent cryptographic attacks and to overwrite existing data on the drive
dd if=/dev/zero of=/media/$NAME/file status=progress
<pre>
</syntaxhighlight>
dd if=/dev/zero of=<file_somewhere> status=progress
# Delete the file afterwards
</pre>


===Mounting===
===Mounting===
Retrieved from "https://wiki.davidl.me/view/Special:MobileDiff/6362"