Luks cryptsetup

For a containerfile

  1. create the container file with a size of e.g. 250MB
$ dd if=/dev/urandom of=container_file bs=1M count=250
  1. create the LUKS container on the container file
$ cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -y luksFormat container_file
  1. open lukscontainer
$ cryptsetup luksOpen container_file container
  1. make fs on the container
$ mkfs.ext4 /dev/mapper/container
  1. mount new fs now
$ mount -t ext4 /dev/mapper/container /mnt/container
  1. unmount and close container
$ umount /mnt/container
$ cryptsetup luksClose /dev/mapper/container
  1. open and mount again
$ cryptsetup luksOpen container_file container
$ mount -t ext4 /dev/mapper/container /mnt/container

For a drive

  1. completely clear device
$ cfdisk /dev/sdb
  1. create partition on device
$ fdisk /dev/sdb

Command: > n
Select: > p
Partition number: default (press enter) / or the thrist one
First sector: default (press enter)
Last sector: default (press enter)
Command: > w
  1. Encryption
$ cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random luksFormat /dev/sdb1

| Parameter | Description |
|---|---|
| -v | verbose |
| -y | verify passphrase, ask twice, and complain if they don't match |
| -c | specify the cipher used |
| -s | specify the key size used |
| -h | specify the hash used |
| -i | number of milliseconds to spend on passphrase processing (if using anything more than sha1, must be greater than 1000) |
| --use-random | which random number generator to use |
| luksFormat | to initialize the partition and set a passphrase |
| /dev/sdb1 | the partition to encrypt |

  1. Check luksDump
$ cryptsetup luksDump /dev/sdb1
  1. Backup luksHeader
$ cryptsetup luksHeaderBackup --header-backup-file /path/to/file.img /dev/sdb1
  1. Open luks container
$ cryptsetup luksOpen /dev/sdb1 volume01
  1. Create FS in luks container
$ mkfs.ext4 /dev/mapper/volume01
  1. Mount fs from LUKS container (requires that the LUKS container has been opened)
$ mount /dev/mapper/volume01 /mnt/drive01
  1. Unmount and close container
$ umount /mnt/drive01
$ cryptsetup luksClose /dev/mapper/volume01
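
For the "Check luksDump" step above, an added example (not part of the original page) that reads `cryptsetup luksDump` output and confirms that cipher, key size and hash match the -c / -s / -h values given to luksFormat. The function names, the handling of the LUKS1 and LUKS2 dump layouts, and the embedded sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare luksDump output with the
# -c / -s / -h values passed to luksFormat.
# Real use, as root:  cryptsetup luksDump /dev/sdb1 | check_luks_dump

# Reads luksDump text on stdin, prints a one-line summary, and returns 0 only
# if cipher, key size and hash equal the expected values (defaults: this page's).
check_luks_dump() {
    awk -v wc="${1:-aes-xts-plain64}" -v wb="${2:-512}" -v wh="${3:-sha512}" '
        /^[A-Za-z]/ { sect = $1 }                    # unindented line: track section
        /^Cipher name:/ { name = $3 }                # LUKS1 header fields
        /^Cipher mode:/ { mode = $3 }
        /^MK bits:/     { bits = $3 }
        /^Hash spec:/   { hash = $3 }
        /^Key Slot [0-9]+: ENABLED/ { slots++ }
        sect == "Data"      && $1 == "cipher:" { cipher = $2 }  # LUKS2 data segment
        sect == "Keyslots:" && $1 == "Key:"    { bits = $2 }    # LUKS2 volume key size
        sect == "Keyslots:" && $2 == "luks2"   { slots++ }      # LUKS2 keyslot entry
        sect == "Digests:"  && $1 == "Hash:"   { hash = $2 }    # LUKS2 key digest hash
        END {
            if (cipher == "" && name != "") cipher = name "-" mode
            printf "cipher=%s bits=%s hash=%s slots=%d\n", cipher, bits, hash, slots
            exit !(cipher == wc && bits == wb && hash == wh)
        }'
}

# Constructed sample in LUKS1 layout (digest, salt and UUID lines left out).
sample_luks1() {
    cat <<'EOF'
LUKS header information for /dev/sdb1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512
Payload offset: 4096
MK bits:        512

Key Slot 0: ENABLED
Key Slot 1: DISABLED
EOF
}

sample_luks1 | check_luks_dump
```

A non-zero exit status means the header does not carry the requested parameters; the `slots` count shows how many passphrases can currently unlock the volume.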