Difference between revisions of "LUKS"
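--- a/LUKS
+++ b/LUKS
@@ -2,3 +2,38 @@
 # Ubuntu
+
+# Test LUKS local image loopback
+
+test-luks-loop-image.sh
+```
+#!/bin/bash
+set -eu
+
+rm v1.img || true
+dd if=/dev/urandom of=v1.img bs=1M count=512
+# losetup /dev/loop7 v1.img # you can explicitly set loop# device if you want
+cryptsetup --verify-passphrase luksFormat v1.img
+losetup
+cryptsetup open --type luks v1.img v1
+ls /dev/mapper/v1
+mkfs.ext4 -L "encrypted" /dev/mapper/v1
+mkdir -p /mnt/encrypted
+mount /dev/mapper/v1 /mnt/encrypted
+echo testinput > /mnt/encrypted/test.txt
+cat /mnt/encrypted/test.txt
+umount /mnt/encrypted
+cryptsetup close v1
+# close removes losetup but you could losetup -d /dev/loop# if it lets you which crypt might not
+# ls /dev/mapper/v1 || true
+
+echo "Testing remount"
+cryptsetup open --type luks v1.img v1
+
+mount /dev/mapper/v1 /mnt/encrypted
+cat /mnt/encrypted/test.txt
+cryptsetup close v1
+echo "DONE"
+```
+
+
 ```
 dd if=/dev/urandom of=vaultfile.img bs=1M count=512
@@ -7,2 +42,17 @@
 cryptsetup --verify-passphrase luksFormat vaultfile.img
 ```
+
+```
+
+First make your file accessible via a loopback device
+losetup /dev/loop/0 /path/file
+Open the loopback device to crypt_fun
+cryptsetup luksOpen /dev/loop/0 crypt_fun
+Mount it
+mount /dev/mapper/crypt_fun /crypt
+
+
+cryptsetup open --type luks vaultfile.img vaultfile
+```
+
+https://askubuntu.com/questions/63594/mount-encrypted-volumes-from-command-line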
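Review bot: The remount half of the added test-luks-loop-image.sh runs `cryptsetup close v1` while /mnt/encrypted is still mounted; the close should fail on the busy mapping, and under `set -eu` the script then exits before `echo "DONE"` with the decrypted volume left mounted. Add `umount /mnt/encrypted` before the final `cryptsetup close v1`, as the first half already does. Because the script aborts on any error, an EXIT trap that unmounts and closes v1 would keep a failed run from leaving plaintext reachable under /mnt/encrypted. In the second hunk the prose lines sit uncommented inside the code fence, and `/dev/loop/0` looks like the older devfs-style name (current systems normally expose `/dev/loop0`), so that snippet should be checked before it is pasted.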
Revision as of 00:45, 11 October 2023
https://opensource.com/article/21/4/linux-encryption
Ubuntu
Test LUKS local image loopback
test-luks-loop-image.sh
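#!/bin/bash
# test-luks-loop-image.sh
# Round-trip test for a LUKS container kept in a regular file: format it, open
# it, write a file, lock it, then reopen it and read the file back.
# Needs root (cryptsetup, mkfs, mount) and prompts for the passphrase.
set -eu

# State read by cleanup() so that it only undoes what this run set up.
mapping_open=0
fs_mounted=0

# Runs on every exit path. With `set -e` any failing step aborts the script,
# and without this the decrypted mapping (and the mounted plaintext) would
# stay available after the failure.
cleanup() {
  if [ "$fs_mounted" -eq 1 ]; then
    umount /mnt/encrypted || true
  fi
  if [ "$mapping_open" -eq 1 ]; then
    cryptsetup close v1 || true
  fi
}
trap cleanup EXIT

rm -f v1.img
# The subshell umask keeps the container file private from the moment it is created.
(umask 077; dd if=/dev/urandom of=v1.img bs=1M count=512)
# losetup /dev/loop7 v1.img  # optional: pin a specific loop device yourself
cryptsetup --verify-passphrase luksFormat v1.img
losetup   # list the loop devices currently in use
cryptsetup open --type luks v1.img v1
mapping_open=1
ls /dev/mapper/v1
mkfs.ext4 -L "encrypted" /dev/mapper/v1
mkdir -p /mnt/encrypted
mount /dev/mapper/v1 /mnt/encrypted
fs_mounted=1
echo testinput > /mnt/encrypted/test.txt
cat /mnt/encrypted/test.txt
umount /mnt/encrypted
fs_mounted=0
cryptsetup close v1
mapping_open=0
# close also releases the loop device cryptsetup attached; `losetup -d` is only
# needed for a loop device you attached by hand.
# ls /dev/mapper/v1 || true

echo "Testing remount"
cryptsetup open --type luks v1.img v1
mapping_open=1
mount /dev/mapper/v1 /mnt/encrypted
fs_mounted=1
cat /mnt/encrypted/test.txt
# The filesystem has to be unmounted before the mapping can be closed; the
# close is refused while the device is still in use.
umount /mnt/encrypted
fs_mounted=0
cryptsetup close v1
mapping_open=0
echo "DONE"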
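# Create a 512 MiB container file filled with random data. The subshell umask
# keeps the file readable by its owner only, so other local users cannot copy
# the LUKS header and ciphertext for offline passphrase guessing.
(umask 077; dd if=/dev/urandom of=vaultfile.img bs=1M count=512)
# cryptsetup has to be installed before the format step below.
sudo apt install -y cryptsetup-initramfs
# Write the LUKS header; --verify-passphrase asks for the passphrase twice.
cryptsetup --verify-passphrase luksFormat vaultfile.img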
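# First make your file accessible via a loopback device.
# NOTE(review): /dev/loop/0 is the older devfs-style node name; current systems
# normally expose /dev/loop0. Check with `losetup -f` before using this path.
losetup /dev/loop/0 /path/file
# Open the loopback device to crypt_fun.
cryptsetup luksOpen /dev/loop/0 crypt_fun
# Mount it.
mount /dev/mapper/crypt_fun /crypt

# Alternative without a manual losetup step: open the image file directly.
cryptsetup open --type luks vaultfile.img vaultfile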
https://askubuntu.com/questions/63594/mount-encrypted-volumes-from-command-line
mounting in wsl2
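# Plain (unencrypted) loop-mount check: build an ext2 image and mount it.
# NOTE: fixed names under world-writable /tmp are predictable; on a shared host
# create the working directory with `mktemp -d` instead.
cd /tmp
mkdir -p mnt
dd if=/dev/urandom of=foo2.img bs=1M count=512
# `mkfs ext2 -F ...` does not select a filesystem type; call the ext2 helper
# directly. -F is needed because the target is a regular file, not a block device.
mkfs.ext2 -F foo2.img
mount -o loop foo2.img /tmp/mnt
umount /tmp/mnt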
More
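#!/bin/bash
# Create (on first run) and open a LUKS-encrypted image file, browse it in vim
# with swap, backup, undo and viminfo files disabled, then unmount and lock it.
# Uses sudo for losetup, cryptsetup, mkfs and mount.
set -euo pipefail

readonly FILENAME="private.img"
readonly FILESIZE="100M"
readonly MAPPER_NAME="encrypted"
readonly MOUNT_POINT="/mnt/encrypted"

# State read by cleanup() so that it only undoes what this run set up.
loop_dev=""
mapping_open=0
fs_mounted=0

#######################################
# Tear down mount, mapping and loop device, in that order.
# Installed as the EXIT trap so that a failed step never leaves the decrypted
# mapping open or the plaintext filesystem mounted.
# Globals: MOUNT_POINT, MAPPER_NAME (read); loop_dev, mapping_open,
#          fs_mounted (read and reset)
#######################################
cleanup() {
  if (( fs_mounted )); then
    echo "Unmounting encrypted volume..."
    sudo umount "$MOUNT_POINT" || true
    fs_mounted=0
  fi
  if (( mapping_open )); then
    echo "Closing encrypted volume..."
    sudo cryptsetup luksClose "$MAPPER_NAME" || true
    mapping_open=0
  fi
  if [[ -n "$loop_dev" ]]; then
    echo "Unmounting image file..."
    sudo losetup -d "$loop_dev" || true
    loop_dev=""
  fi
}
trap cleanup EXIT

# Create encrypted volume if it doesn't exist
if [[ ! -f "$FILENAME" ]]; then
  echo "Creating image file..."
  # The subshell umask keeps the image private from the moment it is created.
  (umask 077; dd if=/dev/zero of="$FILENAME" bs="$FILESIZE" count=0 seek=1)
  echo "Setting permissions..."
  chmod 600 "$FILENAME"

  echo "Mounting image file..."
  # Take the first free loop device instead of `losetup -D` plus a hard-coded
  # /dev/loop0: -D detaches every loop device on the host, including ones this
  # script does not own, and loop0 is often already in use.
  loop_dev=$(sudo losetup --find --show "$FILENAME")

  echo "Encrypting image file..."
  sudo cryptsetup -q -y luksFormat "$loop_dev"
  echo "Opening encrypted volume..."
  sudo cryptsetup luksOpen "$loop_dev" "$MAPPER_NAME"
  mapping_open=1

  echo "Zeroing encrypted volume..."
  # dd stops with "No space left on device" once the mapping is full; that is
  # the expected end of this step, not a failure.
  sudo dd if=/dev/zero of="/dev/mapper/$MAPPER_NAME" || true
  echo "Formatting encrypted volume..."
  sudo mkfs.ext4 -L "encrypted" "/dev/mapper/$MAPPER_NAME"

  echo "Closing encrypted volume..."
  sudo cryptsetup luksClose "$MAPPER_NAME"
  mapping_open=0
  sudo losetup -d "$loop_dev"
  loop_dev=""
fi

echo "Mounting image file..."
loop_dev=$(sudo losetup --find --show "$FILENAME")
echo "Decrypting image file..."
sudo cryptsetup luksOpen "$loop_dev" "$MAPPER_NAME"
mapping_open=1

echo "Mounting encrypted volume..."
sudo mkdir -p "$MOUNT_POINT"
sudo mount "/dev/mapper/$MAPPER_NAME" "$MOUNT_POINT"
fs_mounted=1

# viminfo, swap, backup and undo files are all disabled so that nothing read
# from the volume is written to unencrypted storage by the editor.
vim -i NONE -c 'set noswapfile' -c 'set nobackup' -c 'set noundofile' --cmd 'set undodir=/dev/null' "$MOUNT_POINT/"

# Unmount, luksClose and loop detach happen in cleanup() via the EXIT trap.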