Stack Overflow
Stack Overflow

Questions tagged [luks]

The Linux Unified Key Setup or is a disk-encryption specification created by Clemens Fruhwirth in 2004 and originally intended for .

While most disk software implements different and incompatible, undocumented formats, LUKS specifies a platform-independent standard on-disk format for use in various tools. This not only facilitates compatibility and interoperability amongst different programs, but also assures that they all implement password management in a secure and documented manner.

The reference implementation for LUKS operates on Linux and is based on an enhanced version of cryptsetup, using dm-crypt as the disk encryption backend. Under Microsoft Windows, LUKS-encrypted disks can be used with LibreCrypt (formerly DoxBox).

References:

59 questions
1
vote
0 answers

Restricted premissions for passphrases using cryptsetup

Hello Stack community, when using cryptsetup (in Ubuntu console), is it possible to restrict the creation of new passphrases exclusively to the cases when the passphrase in the slot 0 is used? What I am aiming for is: 'admin' gets the password…
olga.bio
  • 281
  • 3
  • 15
1
vote
0 answers

Compiling cryptsetup for Android

Sorry for the long preamble, but here goes... I want to be able to read my LUKS encrypted USB drive on my phone and so I was searching for cryptsetup for Android. I found an abandoned Guardian Project repo which led me to an old blog post about…
zigifex
  • 11
  • 3
1
vote
0 answers

Issue with Encryption using Luks in Beaglebone

I am trying to encrypt a partition of memory device in Beaglebone using the library libcryptsetup, but I can't add key slot to the formatted partition. crypt_keyslot_add_by_volume_key(cd,CRYPT_SLOT_ACTIVE,NULL,0,"demo",4); This function always…
Renjith R
  • 109
  • 1
  • 1
  • 5
1
vote
1 answer

VMWare ESXi, RHEL, LUKS and network latency

My company is running into a network performance problem that seemingly has all of the "experts" we're working with (VMWare support, RHEL support, our managed services hosting provider) stumped. The issue is that network latency between our VMs…
Joshua Toub
  • 31
  • 5
1
vote
3 answers

Mandos in Docker

I try to setup Mandos inside a Docker container and failed with dbus errors. It's possible to run the server without dbus, but mandos-ctl and mandos-monitor need dbus to run. my Dockerfile FROM ubuntu:16.04 RUN locale-gen de_DE.UTF-8 ENV…
user2638109
  • 321
  • 3
  • 13
1
vote
3 answers

Auto decrypt multiple LUKS Devices with Mandos

I played around with Mandos to automatically open an encrypted root device. I wanted to setup an encrypted btrfs raid 1 (sda1 and sdb1: LUKS). The first device is decrypted correctlly, but the second will noch be opened. Is there a way to do this?
user2638109
  • 321
  • 3
  • 13
1
vote
1 answer

(Yocto / OpenEmbedded) Enabling systemd's libcryptsetup

I am trying to enable systemd's libcryptsetup module in order to decrypt a drive at bootup through crypttab. It seems crypttab is not present because the systemd-cryptsetup-generator is missing from the systemd (216) build. I have tried specifying…
Alexandru Bogdan
  • 33
  • 7
0
votes
0 answers

How to recover a btrfs filesystem on top of lvm on two encrypted devices after an lvresize mishap

Recently I added a second ssd block device tot my Pop!_OS 22.04 system, encrypted it and added it to the volume group. In the process I decided to resize the root logical volume (the only volume). However instead of reducing it by 1GB I resized it…
JayBeRayGearGun
  • 1
0
votes
0 answers

How to run a cli command over linux, get the return and send a reply to the shell using Python

I'm implementing a tool to manage encrypted volumes in a Linux/Docker environment using Python. This tool run a bunch of commands in the system to create, open and close this LUKS encrypted volumes. The part that I'm having difficulties is to create…
Lucas Bulegon
  • 1
0
votes
0 answers

Opening LUKS container via cryptsetup API call using keyfile from TPM

I have an encrypted LUKS container that was created via Linux shell by: cryptsetup luksFormat Then the related key file was stored on TPM by: cryptsetup-tpm2 --tpm2-nv add After that I need to…
Maxim
  • 83
  • 6
0
votes
0 answers

cryptsetup online reencrypt returns "This operation is not supported for this device type."

I have a LUKS device opened on top of a logical volume, and I'd like to do an online reencryption for the LUKS device. I did cryptsetup reencrypt --active-name , and it gives me This operation is not supported for this device type. I…
zzcai
  • 1
  • 2
0
votes
0 answers

keyscript in crypttab file is ignored during boot on a ubuntu system

I see that crypttab option keyscript is ignored in syslogs on the machine. Encountered unknown /etc/crypttab option keyscript=/usr/lib/cryptsetup/scripts/getpassphrase.sh, ignoring. How to use cryptsetup with systemd on a Ubuntu 20 system…
unknown
  • 5
  • 5
0
votes
0 answers

LUKS+TPM2 not auto-unlock after resize partition

LVM LUKS partition, adding TPM2 auto-decrypt on boot - works OK. when resized partition after TPM2 set (or even before) (using cryptsetup resize + LVM commands) - TPM no longer auto-decrypts it, always asks for password on boot ! tried tpm clear,…
gadh
  • 1
  • 2
0
votes
2 answers

Find who is holding cryptsetup/LUKS encrypted home (some KDE/X vs common sense madness)

I'm fighting some ridiculous no-so-eeasy to debug case with my cryptsetup/LUKS encrypted home directory. The setup: I have partition that is dedicated to my user home directory and encrypted with cryptsetup/LUKSv2 (lets call this user "crypted").…
e-pirate
  • 153
  • 1
  • 10
0
votes
0 answers

How to implement a mandatory single as a parameter with argp?

I am playing around with argp.h in C but I don't manage to recreate the desired behavior for my CLI. What I would like is a syntax similar to, e.g., cryptsetup: Usage: cryptsetup [OPTION...] Let's say, for example, that…
zambowalla
  • 21
  • 4
1
2
3 4