Luks

From robopagex.com

cryptsetup

cryptsetup FAQ

luks, cryptsetup

luks install
$ apt-get install cryptsetup

luks config

$ modprobe dm-crypt
$ dmsetup ls

luks create

$ cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -y /dev/sda 

luks open

$ cryptsetup luksOpen /dev/sda cryptdata

luks filesystem

$ mkfs.ext4 /dev/mapper/cryptdata

luks mount

$ mount /dev/mapper/cryptdata /home/cryptdata
$ mount -t ext4 /dev/mapper/cryptdata cryptdata

luks umount

$ umount /home/cryptdata

luks close

$ cryptsetup luksClose cryptdata

luks file-container

$ dd if=/dev/zero of=/home/container bs=1M count=1024
$ cryptsetup -y luksFormat /home/container
$ cryptsetup luksOpen /home/container container
$ mkfs.ext4 -j /dev/mapper/container
$ mkdir /home/container_data
$ mount /dev/mapper/container /home/container_data
$ umount /home/container_data
$ cryptsetup luksClose container

luks Header/Slots:Keys

$ cryptsetup luksDump [device-name]
$ cryptsetup status /dev/mapper/[device-name]
$ cryptsetup luksAddKey /dev/sda1
$ cryptsetup luksAddKey [device] [keyfile]
delete password
$ cryptsetup luksRemoveKey [device-name]
delete slot
$ cryptsetup luksKillSlot /dev/sda1 1
delete slot (luksDelKey is the older, deprecated name for luksKillSlot)
$ cryptsetup luksDelKey [device] [slot]

luks luksUUID

$ cryptsetup luksUUID NAME 
$ printf "lukslvm\tUUID=%s\tnone\tluks\n" "$(cryptsetup luksUUID NAME)" | tee -a /etc/crypttab
#CHECK!
$ cryptsetup luksUUID /dev/sda1 --uuid "$newuuid"

luks luksUUID open

cryptsetup luksOpen /dev/disk/by-uuid/xxxxx NAME

luks Create KeyFile

dd if=/dev/urandom of=/root/keyfile bs=1024 count=4
chmod 0400 /root/keyfile
cryptsetup luksAddKey /dev/sdx /root/keyfile
blkid /dev/sdx >> /etc/crypttab
nano /etc/crypttab
     sdx_CryptNameMapper UUID=XXXX /root/keyfile luks
e.g.: hd0 UUID=d993b1ed-9b42-46e8-a520-d74737db9684 /root/keyfile luks
nano /etc/fstab
       /dev/mapper/sdx_CryptNameMapper /media/xxxx ext4 defaults 0 2
e.g.:  /dev/mapper/hd0 /media/hd0 ext4 defaults 0 2
update-initramfs -u
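
A check for the keyfile setup above, as an added example that is not part of the original page: it reads a crypttab file and reports entries whose source is not referenced by UUID or whose keyfile is missing or accessible to group/other. The function name `audit_crypttab`, the temporary sample files and the `hd1`/`hd2` entries are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
# Added example (not from the original page): audit crypttab keyfile entries.
# audit_crypttab is a hypothetical helper; it prints one line per finding and
# returns non-zero if there is any.
audit_crypttab() (
    findings=0
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
        # /dev/sdX names can change between boots; UUID= references are stable
        case $dev in
            UUID=*|/dev/disk/by-uuid/*) ;;
            *) echo "$name: source $dev is not referenced by UUID"
               findings=$((findings + 1)) ;;
        esac
        # "none" or "-" means a passphrase prompt, so there is no file to check
        case $key in ''|none|-) continue ;; esac
        if [ ! -f "$key" ]; then
            echo "$name: keyfile $key does not exist"
            findings=$((findings + 1))
            continue
        fi
        mode=$(stat -c %a "$key")                 # GNU stat, octal mode
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "$name: keyfile $key has mode $mode, group/other can access it"
            findings=$((findings + 1))
        fi
    done < "$1"
    [ "$findings" -eq 0 ]
)

# Constructed sample input: two keyfiles and a three-entry crypttab
demo=$(mktemp -d)
printf 'k' > "$demo/good.key"; chmod 0400 "$demo/good.key"
printf 'k' > "$demo/open.key"; chmod 0644 "$demo/open.key"
cat > "$demo/crypttab" <<EOF
# name  source  keyfile  options
hd0 UUID=d993b1ed-9b42-46e8-a520-d74737db9684 $demo/good.key luks
hd1 /dev/sdx $demo/open.key luks
hd2 UUID=00000000-0000-0000-0000-000000000000 none luks
EOF

audit_crypttab "$demo/crypttab" || echo "crypttab needs attention"
```

On a real system, run it as `audit_crypttab /etc/crypttab` before `update-initramfs -u`.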


How to prevent Centos from recovery password in remount - Grub?