Difference between revisions of "LUKS"

From UVOO Tech Wiki
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
https://opensource.com/article/21/4/linux-encryption
 
https://opensource.com/article/21/4/linux-encryption
 +
 +
# Ubuntu
 +
 +
# Test LUKS local image loopback
 +
 +
test-luks-loop-image.sh
 +
```
 +
#!/bin/bash
 +
set -eu
 +
 +
rm v1.img || true
 +
dd if=/dev/urandom of=v1.img bs=1M count=512
 +
# losetup /dev/loop7 v1.img  # you can explicitly set loop# device if you want
 +
cryptsetup --verify-passphrase luksFormat v1.img
 +
losetup
 +
cryptsetup open --type luks v1.img v1
 +
ls /dev/mapper/v1
 +
mkfs.ext4 -L "encrypted" /dev/mapper/v1
 +
mkdir -p /mnt/encrypted
 +
mount /dev/mapper/v1 /mnt/encrypted
 +
echo testinput > /mnt/encrypted/test.txt
 +
cat /mnt/encrypted/test.txt
 +
umount /mnt/encrypted
 +
cryptsetup close v1
 +
# close removes losetup but you could losetup -d /dev/loop# if it lets you which crypt might not
 +
# ls /dev/mapper/v1 || true
 +
 +
echo "Testing remount"
 +
cryptsetup open --type luks v1.img v1
 +
 +
mount /dev/mapper/v1 /mnt/encrypted
 +
cat /mnt/encrypted/test.txt
 +
cryptsetup close v1
 +
echo "DONE"
 +
```
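Review bot: The "Testing remount" part of test-luks-loop-image.sh runs `mount /dev/mapper/v1 /mnt/encrypted` and then `cryptsetup close v1` with no `umount /mnt/encrypted` in between. The mapping is still in use at that point, so the close fails, and under `set -eu` the script stops before `echo "DONE"`. Add the umount before the final close, as the first pass of the script already does. `rm v1.img || true` can also be written `rm -f v1.img`.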
 +
 +
## Multiple key decrypt
 +
 +
https://stackoverflow.com/questions/597188/encryption-decryption-with-multiple-keys
 +
 +
# Other Condiderations
 +
- https://unix.stackexchange.com/questions/77178/encrypting-loopback-images-without-using-a-loopback-device
 +
- https://unix.stackexchange.com/questions/183798/unlock-luks-partition-using-keyfile-without-root-access
 +
 +
# Other
 +
 +
```
 +
dd if=/dev/urandom of=vaultfile.img bs=1M count=512
 +
sudo apt install -y cryptsetup-initramfs
 +
cryptsetup --verify-passphrase luksFormat vaultfile.img
 +
```
 +
 +
```
 +
 +
First make your file accessible via a loopback device
 +
losetup /dev/loop/0 /path/file
 +
Open the loopback device to crypt_fun
 +
cryptsetup luksOpen /dev/loop/0 crypt_fun
 +
Mount it
 +
mount /dev/mapper/crypt_fun /crypt
 +
 +
 +
cryptsetup open --type luks vaultfile.img vaultfile
 +
```
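Review bot: `losetup /dev/loop/0 /path/file` and `cryptsetup luksOpen /dev/loop/0 crypt_fun` use a `/dev/loop/0` path, while the script comment earlier in this revision uses `/dev/loop7`. Loop devices on a current Ubuntu system are named `/dev/loopN`, so both commands should use `/dev/loop0` or, better, the device printed by `losetup --find --show /path/file`. The instruction sentences ("First make your file accessible via a loopback device", "Mount it") also sit inside the code fence as bare text; prefix them with `#` or move them outside the fence so the block can be pasted into a shell.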
 +
 +
https://askubuntu.com/questions/63594/mount-encrypted-volumes-from-command-line
 +
 +
 +
mounting in wsl2
 +
```
 +
cd /tmp
 +
mkdir mnt
 +
dd if=/dev/urandom of=foo2.img bs=1M count=512
 +
mkfs ext2 -F foo2.img
 +
mount -o loop foo2.img /tmp/mnt
 +
umount mnt
 +
```
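Review bot: `mkfs ext2 -F foo2.img` passes `ext2` as a positional argument, where mkfs expects the device, rather than as the filesystem type. Use `mkfs.ext2 -F foo2.img` or `mkfs -t ext2 -F foo2.img`. `mkdir mnt` fails on a second run; `mkdir -p mnt` makes the block repeatable.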
  
  

Latest revision as of 01:16, 11 October 2023

https://opensource.com/article/21/4/linux-encryption

# Ubuntu

# Test LUKS local image loopback

test-luks-loop-image.sh

```
#!/bin/bash
# Run as root: cryptsetup open, mkfs on the mapper device and mount all need it.
set -eu

rm -f v1.img
dd if=/dev/urandom of=v1.img bs=1M count=512
# losetup /dev/loop7 v1.img  # you can explicitly set the loop device number if you want
cryptsetup --verify-passphrase luksFormat v1.img
losetup  # list the loop devices currently in use
cryptsetup open --type luks v1.img v1
ls /dev/mapper/v1
mkfs.ext4 -L "encrypted" /dev/mapper/v1
mkdir -p /mnt/encrypted
mount /dev/mapper/v1 /mnt/encrypted
echo testinput > /mnt/encrypted/test.txt
cat /mnt/encrypted/test.txt
umount /mnt/encrypted
cryptsetup close v1
# close also releases the loop device; you could run losetup -d /dev/loopN yourself,
# but that may be refused while the crypt mapping still holds the device
# ls /dev/mapper/v1 || true

echo "Testing remount"
cryptsetup open --type luks v1.img v1

mount /dev/mapper/v1 /mnt/encrypted
cat /mnt/encrypted/test.txt
umount /mnt/encrypted  # unmount first, otherwise close fails because the device is still in use
cryptsetup close v1
echo "DONE"
```

## Multiple key decrypt

https://stackoverflow.com/questions/597188/encryption-decryption-with-multiple-keys

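# Other Considerations

- https://unix.stackexchange.com/questions/77178/encrypting-loopback-images-without-using-a-loopback-device
- https://unix.stackexchange.com/questions/183798/unlock-luks-partition-using-keyfile-without-root-access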

# Other

```
dd if=/dev/urandom of=vaultfile.img bs=1M count=512
sudo apt install -y cryptsetup-initramfs
cryptsetup --verify-passphrase luksFormat vaultfile.img
```

```
# First make your file accessible via a loopback device
losetup /dev/loop0 /path/file
# Open the loopback device as crypt_fun
cryptsetup luksOpen /dev/loop0 crypt_fun
# Mount it
mount /dev/mapper/crypt_fun /crypt

# cryptsetup can also open the image file directly and attach the loop device itself
cryptsetup open --type luks vaultfile.img vaultfile
```

https://askubuntu.com/questions/63594/mount-encrypted-volumes-from-command-line

Mounting in WSL2

```
cd /tmp
mkdir -p mnt
dd if=/dev/urandom of=foo2.img bs=1M count=512
# mkfs.ext2 (or mkfs -t ext2); -F is needed because foo2.img is a regular file
mkfs.ext2 -F foo2.img
mount -o loop foo2.img /tmp/mnt
umount mnt
```

# More

```
#!/bin/bash

FILENAME="private.img"
FILESIZE="100M"

# Create encrypted volume if it doesn't exist
if [ ! -f "$FILENAME" ]; then

    echo "Creating image file..."
    # count=0 seek=1 creates a sparse file of $FILESIZE without writing any data
    dd if=/dev/zero of="$FILENAME" bs="$FILESIZE" count=0 seek=1

    echo "Setting permissions..."
    chmod 600 "$FILENAME"

    echo "Mounting image file..."
    # Take the first free loop device instead of hard-coding /dev/loop0 and
    # detaching every loop device with losetup -D (snaps use loop devices too)
    LOOPDEV=$(sudo losetup --find --show "$FILENAME")

    echo "Encrypting image file..."
    sudo cryptsetup -q -y luksFormat "$LOOPDEV"

    echo "Opening encrypted volume..."
    sudo cryptsetup luksOpen "$LOOPDEV" encrypted

    echo "Zeroing encrypted volume..."
    # dd stops with "No space left on device" once the volume is full; that is expected
    sudo dd if=/dev/zero of=/dev/mapper/encrypted

    echo "Formatting encrypted volume..."
    sudo mkfs.ext4 -L "encrypted" /dev/mapper/encrypted

    echo "Closing encrypted volume..."
    sudo cryptsetup luksClose encrypted
    sudo losetup -d "$LOOPDEV"

fi

echo "Mounting image file..."
LOOPDEV=$(sudo losetup --find --show "$FILENAME")

echo "Decrypting image file..."
sudo cryptsetup luksOpen "$LOOPDEV" encrypted

echo "Mounting encrypted volume..."
sudo mkdir -p /mnt/encrypted
sudo mount /dev/mapper/encrypted /mnt/encrypted
# Browse the volume in vim without leaving viminfo, swap, backup or undo files behind
vim -i NONE -c 'set noswapfile' -c 'set nobackup' -c 'set noundofile' --cmd 'set undodir=/dev/null' /mnt/encrypted/

echo "Unmounting encrypted volume..."
sudo umount /mnt/encrypted

echo "Closing encrypted volume..."
sudo cryptsetup luksClose encrypted

echo "Unmounting image file..."
sudo losetup -d "$LOOPDEV"
```