0

I am writing a Bash script to make LUKS encryption user friendly and to make the process faster while still allowing control of the arguments.

My current code:

#!/usr/bin/env bash


## Ask user for device.
echo "Device:"
read device

## Ask user for cipher.
echo "Available ciphers:"
echo "AES     [0]"
echo "Serpent [1]"
echo "Twofish [2]"
echo "Cipher:"
read cipherin
if [[ $cipherin == "0" ]]; then
        [[ $cipher == "aes-xts-plain64" ]]
elif [[ $cipherin == "1" ]]; then
        [[ $cipher == "serpent-xts-plain64" ]]
elif [[ $cipherin == "2" ]]; then
        [[ $cipher == "twofish-xts-plain64" ]]
else echo "Invalid choice."
fi

## Ask user for key length.
echo "Available key lengths (bits):"
echo "128 [0]"
echo "256 [1]"
echo "Key length:"
read keyin
if [[ $keyin == "0" ]]; then
        [[ $key == "256" ]]
elif [[ $keyin == "1" ]]; then
        [[ $key == "512" ]]
else echo "Invalid choice."
fi

## Ask user for hash.
echo "Available hashes:"
echo "SHA-1     [0]"
echo "SHA-256   [1]"
echo "SHA-512   [2]"
echo "Whirlpool [3]:"
echo "Hash:"
read hashin
if [[ $hashin == "0" ]]; then
        [[ $hash == "sha1" ]]
elif [[ $hashin == "1" ]]; then
        [[ $hash == "sha256" ]]
elif [[ $hashin == "2" ]]; then
        [[ $hash == "sha512" ]]
elif [[ $hashin == "3" ]]; then
        [[ $hash == "whirlpool" ]]
else echo "Invalid choice."
fi

## Ask user for PBKDF.
echo "Available PBKDFs:"
echo "argon2i  [0]"
echo "argon2id [1]"
echo "pbkdf2   [2]"
read pbkdfin
if [[ $pbkdfin == "0" ]]; then
        [[ $pbkdf == "argon2i" ]]
elif [[ $pbkdfin == "1" ]]; then
        [[ $pbkdf == "argon2id" ]]
elif [[ $pbkdfin == "2" ]]; then
        [[ $pbkdf == "pbkdf2" ]]
else echo "Invalid choice."
fi

## Ask user for iteration time.
echo "Iteration time (ms):"
read iteration

## Encrypt drive using LUKS.
echo "Encrypting..."
sudo cryptsetup --type luks2 -c ${cipher} -h ${hash}\
 -i ${iteration} -s ${key} --pbkdf ${pbkdf} --use-urandom\
 -y luksFormat ${device}

The command fails with "cryptsetup: invalid numeric value". I enter 2000 into the iterations, which is default, so I know the number of interations is not the issue.

I have used https://shellcheck.net with no positive outcome; I am confused by the results.

  • Put a space before the backslashes? – Shawn Sep 30 '21 at 21:39
  • And what's with the `if [[ ... ]]; then [[ ... ]] elif ...` blocks? What are those supposed to be doing? Did you want to assign values to variables instead? – Shawn Sep 30 '21 at 21:41
  • @Shawn Spaces before backslashes changes nothing. –  Sep 30 '21 at 22:08
  • @Shawn I want to make the input of one variable (variables with "in" at the end of them) insert a specific string into another variable (variables without "in" at the end of them). –  Sep 30 '21 at 22:09
  • Well, `[[ x == y]]`, doesn't assign anything, it just tests to see if x matches y... Print out the command you're trying to run instead to see what the arguments are. – Shawn Sep 30 '21 at 22:41
  • ShellCheck says things like "cipher is referenced but not assigned" and it's right, that is your problem. You can use `cipher="aes-xts-plain64"` to assign a string to a variable. – that other guy Sep 30 '21 at 23:04
  • At what line does the error happen? Can you trim your code down to a [mcve]? – Robert Oct 07 '21 at 21:33
  • @thatotherguy How can I make each cipher be added to the "cipher" string when it's chosen? Not all options will be "aes-xts-plain64". –  Oct 10 '21 at 16:49
  • @Robert I'm not sure which part of the code is causing the issue. If I remove lines of code, the entire script outputs an error stating that extra arguments are required. I've only been able to reproduce the issue using the entirety of the code I provided in my question. –  Oct 10 '21 at 16:51
  • @Shawn If `==` doesn't make it equal something, does using 1 `=`? How can I make an input add a specific string to another variable's input? –  Oct 10 '21 at 16:53

0 Answers0