LUKS

From UVOO Tech Wiki
Revision as of 00:53, 11 October 2023 by Busk (talk | contribs)

https://opensource.com/article/21/4/linux-encryption

Ubuntu

Test LUKS local image loopback

test-luks-loop-image.sh

#!/bin/bash
set -eu

rm v1.img || true
dd if=/dev/urandom of=v1.img bs=1M count=512
# losetup /dev/loop7 v1.img  # you can explicitly set loop# device if you want
cryptsetup --verify-passphrase luksFormat v1.img
losetup
cryptsetup open --type luks v1.img v1
ls /dev/mapper/v1
mkfs.ext4 -L "encrypted" /dev/mapper/v1
mkdir -p /mnt/encrypted
mount /dev/mapper/v1 /mnt/encrypted
echo testinput > /mnt/encrypted/test.txt
cat /mnt/encrypted/test.txt
umount /mnt/encrypted
cryptsetup close v1
# close also releases the loop device; you could run losetup -d /dev/loop# yourself if it lets you, which it might not while the crypt mapping holds it
# ls /dev/mapper/v1 || true

echo "Testing remount"
cryptsetup open --type luks v1.img v1

mount /dev/mapper/v1 /mnt/encrypted
cat /mnt/encrypted/test.txt
umount /mnt/encrypted  # unmount first: close fails while the filesystem is still mounted
cryptsetup close v1
echo "DONE"

Multiple key decrypt

https://stackoverflow.com/questions/597188/encryption-decryption-with-multiple-keys
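
LUKS supports several independent keys per volume through keyslots, which is presumably what this section is after (an assumption; the linked question covers multi-key encryption in general). The script below is an added example, not from the original page or the cryptsetup project, that creates an image with two key files, checks each one, and revokes one. The file names, function names and the DEMO_OPTS variable are made up for illustration.

```shell
#!/bin/bash
# Added example: two key files unlocking one LUKS2 image via separate keyslots.
# No root needed: --test-passphrase verifies a key without mapping a device.

# DEMO_OPTS is a hypothetical knob for extra cryptsetup options (e.g. a fast
# PBKDF in throwaway tests). Leave it empty for real volumes.
DEMO_OPTS=${DEMO_OPTS:-}

make_two_key_image() {  # $1=image  $2=first key file  $3=second key file
    truncate -s 64M "$1" &&
    head -c 64 /dev/urandom > "$2" &&
    head -c 64 /dev/urandom > "$3" &&
    chmod 600 "$2" "$3" &&
    # luksFormat creates keyslot 0, protected by the first key.
    cryptsetup luksFormat --batch-mode --type luks2 $DEMO_OPTS --key-file "$2" "$1" &&
    # Adding a key requires an existing key (--key-file) to unlock the volume key.
    cryptsetup luksAddKey --batch-mode $DEMO_OPTS --key-file "$2" "$1" "$3"
}

key_unlocks() {  # $1=image  $2=key file; exit status 0 if the key opens any slot
    cryptsetup open --type luks --test-passphrase --key-file "$2" "$1" 2>/dev/null
}

revoke_key() {  # $1=image  $2=key file to revoke; wipes the slot that key occupies
    cryptsetup luksRemoveKey --batch-mode --key-file "$2" "$1"
}

# Walk-through, run only when the script is called with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    make_two_key_image demo.img demo-key1 demo-key2 &&
    key_unlocks demo.img demo-key2 && echo "second key unlocks the volume" &&
    revoke_key demo.img demo-key2 &&
    { key_unlocks demo.img demo-key2 || echo "revoked key no longer works"; }
    cryptsetup luksDump demo.img | grep -A1 '^Keyslots'  # remaining slots
fi
```

Revoking a slot only helps if the revoked key holder never had a copy of the header; anyone with an old header backup and the old key can still recover the volume key.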

Other Considerations

Other

dd if=/dev/urandom of=vaultfile.img bs=1M count=512
sudo apt install -y cryptsetup-initramfs
cryptsetup --verify-passphrase luksFormat vaultfile.img
First make your file accessible via a loopback device
losetup /dev/loop0 /path/file
Open the loopback device to crypt_fun
cryptsetup luksOpen /dev/loop0 crypt_fun
Mount it
mount /dev/mapper/crypt_fun /crypt


cryptsetup open --type luks vaultfile.img vaultfile

https://askubuntu.com/questions/63594/mount-encrypted-volumes-from-command-line

Mounting in WSL2

cd /tmp
mkdir mnt
dd if=/dev/urandom of=foo2.img bs=1M count=512
mkfs.ext2 -F foo2.img
mount -o loop foo2.img /tmp/mnt
umount mnt

More

#!/bin/bash

FILENAME="private.img"
FILESIZE="100M"

# Create encrypted volume if it doesn't exist
if [ ! -f "$FILENAME" ]; then

    echo "Creating image file..."
    # count=0 seek=1 creates a sparse file of $FILESIZE without writing any data
    dd if=/dev/zero of="$FILENAME" bs="$FILESIZE" count=0 seek=1

    echo "Setting permissions..."
    chmod 600 "$FILENAME"

    echo "Mounting image file..."
    # Take the first free loop device: /dev/loop0 is often already in use,
    # and "losetup -D" would detach every loop device on the system.
    LOOPDEV=$(sudo losetup --find --show "$FILENAME")

    echo "Encrypting image file..."
    sudo cryptsetup -q -y luksFormat "$LOOPDEV"

    echo "Opening encrypted volume..."
    sudo cryptsetup luksOpen "$LOOPDEV" encrypted

    echo "Zeroing encrypted volume..."
    # dd ends with "No space left on device" once the volume is full; that is expected
    sudo dd if=/dev/zero of=/dev/mapper/encrypted

    echo "Formatting encrypted volume..."
    sudo mkfs.ext4 -L "encrypted" /dev/mapper/encrypted

    echo "Closing encrypted volume..."
    sudo cryptsetup luksClose /dev/mapper/encrypted
    sudo losetup -d "$LOOPDEV"

fi

echo "Mounting image file..."
LOOPDEV=$(sudo losetup --find --show "$FILENAME")

echo "Decrypting image file..."
sudo cryptsetup luksOpen "$LOOPDEV" encrypted

echo "Mounting encrypted volume..."
sudo mkdir -p /mnt/encrypted
sudo mount /dev/mapper/encrypted /mnt/encrypted
# Open the mounted volume in vim with swap, backup, undo and viminfo files disabled
vim -i NONE -c 'set noswapfile' -c 'set nobackup' -c 'set noundofile' --cmd 'set undodir=/dev/null' /mnt/encrypted/

echo "Unmounting encrypted volume..."
sudo umount /mnt/encrypted

echo "Closing encrypted volume..."
sudo cryptsetup luksClose /dev/mapper/encrypted

echo "Unmounting image file..."
sudo losetup -d "$LOOPDEV"