Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [luks]

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption.

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption. LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

Website: http://code.google.com/p/cryptsetup/

Wikipedia: http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

157 questions
1
vote
2 answers

Degraded soft raid1 not booting and showing raid0

I created a server setup with uefi boot and encrypted lvm partitions as you may can see here: root@debian:~# lsblk -o name,uuid,type,size NAME UUID TYPE SIZE sda …
user543229
  • 11
  • 1
1
vote
0 answers

Dismounting MD RAID1 LUKS-encrypted volume with partitions

Fedora 29. I created a 5TB RAID1 volume using mdadm. I then encrypted the volume with cryptsetup luksFormat. I then created ext4 partitions on the encrypted volume. (I did it this way so I can add disks to the RAID1 array, wait for them to sync,…
RoUS
  • 141
  • 3
1
vote
0 answers

How to set up LVM / LUKS to allow easy expansion / contraction of disk space?

Disclaimer: I've never used LVM or LUKS before. Context: I use CentOS 7 and have X disk space available. I want to set up this disk space to store some important data, hence why I want to use LUKS to encrypt it. However I'm not sure X will be…
Radu Murzea
  • 161
  • 1
  • 6
1
vote
1 answer

Linux mount partition on encrypted drive (not encrypted partition!)

Instead of encrypting a partition I encrypted an entire drive (cryptsetup -luksFormat...). Don't ask why. I created a partition and a filesystem on that partition. Let's call the encrypted virtual block device datacrypt. When I created the…
user2052153
  • 11
  • 3
1
vote
2 answers

Is it possible to fix corrupt LUKS header?

I just accidentally overwrote the LUKS metadata of my volume with a new LVM header. I have copy of the original LUKS header but can't find it. Just in case, I made a dd image of the first 10MB of the now corrupt volume on a thumb drive. My question…
zonko
  • 11
  • 1
  • 2
1
vote
1 answer

luks IO error while decrypting keyslot

I'm trying to use cryptsetup to encrypt some partitions, but getting the error IO error while decrypting keyslot. The command and output is: root@rescue ~ # cryptsetup --debug --verbose --cipher aes-xts-plain64 --key-size 256 --hash sha256…
Mr5o1
  • 121
  • 6
1
vote
1 answer

Restore back-up from pre-encrypted drive into newly encrypted drive

It sounds like I am going to be reinstalling CentOS 7 on a server this weekend. The original installation didn't have the drive encrypted and it needs to be done. My understanding is that this will require a reformat so was going to back-up with…
cjones
  • 127
  • 5
1
vote
2 answers

Managing multiple LUKS devices

My linux fileserver has four LUKS-encrypted USB-3 disks. It's a bit confusing to mount them all: while they might get the same drive letters as last time, they might not, which leads to some trial and error. To mount them, I would normally say…
jma
  • 425
  • 6
  • 16
1
vote
1 answer

Postgres Data Encryption Using LUKS with dm-crypt

We have encrypted volume using LUKS. cryptsetup luksOpen /root/test1 volume1 and mounted on mount /dev/mapper/volume1 /mnt/files We created postgres data directory inside /mnt/files and able to start the postgres…
user50442
  • 241
  • 1
  • 2
  • 5
1
vote
1 answer

what is the most efficient way of unlocking a LUKS drive over the network when using key files?

It is easy to unlock a LUKS drive over SSH when the drive takes text passwords: cryptsetup luksOpen /dev/sdb1 mylockeddrive Then entering the password at prompt. Is there a way of unlocking these drives when a key file is used, short of copying the…
nvja
  • 113
  • 5
1
vote
1 answer

Maximum length of a LUKS passphrase

Anyone know the maximum length of a LUKS passphrase? The passphrase will be randomly generated, and I can create one with any length. I am using CentOS 6 with Linux kernel 2.6.32-573.12.1.el6.x86_64, and cryptsetup-luks version 1.2.0-11.el6.x86_64
Crash Override
  • 601
  • 1
  • 10
  • 21
1
vote
1 answer

LUKS Header - 30kB mysteriously missing

I have a disk containing (only) a LUKS encrypted volume. That was created on a bare drive with no partition table using cryptsetup v.1.6.1. When unlocked, I can check the size of the decrypted volume, compare it to the whole disk, and see that the…
Diagon
  • 246
  • 1
  • 11
1
vote
1 answer

how do I plan partitions for LUKS encryption of a CentOS 7 server?

A CentOS 7 web server needs encryption at rest. I would like to use LUKS encryption for this, but I need direction to plan how. Can I use LUKS encryption to encrypt the entire drive as one unit on a live web server? IMy ISP told me that I need to…
CodeMed
  • 315
  • 1
  • 8
  • 21
1
vote
1 answer

Why use dir_index, filetype, and sparse_super with LUKS volumes?

I have been reviewing various HOWTOs and blog posts about encrypted LUKS volumes formatted with ext3. Every single document specifies mkfs with: -O dir_index,filetype,sparse_super and not one of them explains why. I have a rough idea what dir_index…
Mark
  • 111
  • 1
1
vote
2 answers

LUKS/dm-crypt security in the case of a break-in

This is an encryption topic I've been confused by for a while now. From what I understand of LUKS, once the LUKS volume is opened with a passphrase and the resulting device mapper device is mounted, it can be read from and written to until the point…
Aaron Hastings
  • 113
  • 3
1 2 3
10 11