{"id":341,"date":"2019-08-16T19:33:18","date_gmt":"2019-08-16T09:33:18","guid":{"rendered":"https:\/\/blog.hegars.com\/?p=341"},"modified":"2019-08-18T23:07:38","modified_gmt":"2019-08-18T13:07:38","slug":"cryptsetup","status":"publish","type":"post","link":"https:\/\/blog.hegars.com\/?p=341","title":{"rendered":"Cryptsetup"},"content":{"rendered":"\n<p>As described on the following.<br><a href=\"https:\/\/www.crc.id.au\/linux-and-usb-full-disk-encryption\/\">https:\/\/www.crc.id.au\/linux-and-usb-full-disk-encryption\/<\/a><br><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Flow<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"582\" height=\"305\" src=\"https:\/\/blog.hegars.com\/wp-content\/uploads\/2019\/08\/image-8.png\" alt=\"\" class=\"wp-image-386\" srcset=\"https:\/\/blog.hegars.com\/wp-content\/uploads\/2019\/08\/image-8.png 582w, https:\/\/blog.hegars.com\/wp-content\/uploads\/2019\/08\/image-8-300x157.png 300w\" sizes=\"(max-width: 582px) 100vw, 582px\" \/><\/figure>\n\n\n\n<p> <\/p>\n\n\n\n<p># mkdir \/etc\/luks-keys<br># chmod 700 \/etc\/luks-keys<br># dd if=\/dev\/urandom of=\/etc\/luks-keys\/new-key-file bs=1 count=4096<br># cryptsetup luksFormat \/dev\/sdb \/etc\/luks-keys\/new-key-file<br># cryptsetup luksUUID \/dev\/sdb<br># mv \/etc\/luks-keys\/new-key-file \/etc\/luks-keys\/48a05e5e-1338-4278-a5cb-69657b2423e4<br># chmod 400 \/etc\/luks-keys\/48a05e5e-1338-4278-a5cb-69657b2423e4<br># cryptsetup &#8211;key-file \/etc\/luks-keys\/48a05e5e-1338-4278-a5cb-9657b2423e4 open \/dev\/sdb luks-48a05e5e-1338-4278-a5cb-69657b2423e4<br># mkfs.ext4 \/dev\/mapper\/luks-48a05e5e-1338-4278-a5cb-69657b2423e4 <br># mount \/dev\/mapper\/luks-48a05e5e-1338-4278-a5cb-69657b2423e4 \/mnt\/luks\/<br># umount \/mnt\/luks<br># cryptsetup close luks-48a05e5e-1338-4278-a5cb-69657b2423e4<br># mount \/dev\/mapper\/luks-48a05e5e-1338-4278-a5cb-69657b2423e4 \/mnt\/luks\/<br># umount \/mnt\/luks<br># cryptsetup close luks-48a05e5e-1338-4278-a5cb-69657b2423e4<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">LuksDump<\/h2>\n\n\n\n<p># cryptsetup luksDump \/dev\/sdb<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"583\" height=\"592\" src=\"https:\/\/blog.hegars.com\/wp-content\/uploads\/2019\/08\/image-9.png\" alt=\"\" class=\"wp-image-390\" srcset=\"https:\/\/blog.hegars.com\/wp-content\/uploads\/2019\/08\/image-9.png 583w, https:\/\/blog.hegars.com\/wp-content\/uploads\/2019\/08\/image-9-295x300.png 295w\" sizes=\"(max-width: 583px) 100vw, 583px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">LuksFormat options <\/h2>\n\n\n\n<p>cryptsetup -v &#8211;cipher aes-xts-plain64 &#8211;key-size 512 &#8211;hash sha512 &#8211;iter-time 2000 &#8211;use-random &#8211;verify-passphrase luksFormat \/dev\/sdb<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Displaying status<\/h2>\n\n\n\n<p># cryptsetup status luks-48a05e5e-1338-4278-a5cb-69657b2423e4 <br> \/dev\/mapper\/luks-48a05e5e-1338-4278-a5cb-69657b2423e4 is active.<br>   type:    LUKS2<br>   cipher:  aes-xts-plain64<br>   keysize: 512 bits<br>   key location: keyring<br>   device:  \/dev\/sdb<br>   sector size:  512<br>   offset:  32768 sectors<br>   size:    41910272 sectors<br>   mode:    read\/write<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">TODO:<\/h2>\n\n\n\n<p>Pull certificate from Yubikey PIV Smartcard<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As described on the following.https:\/\/www.crc.id.au\/linux-and-usb-full-disk-encryption\/ Flow # mkdir \/etc\/luks-keys# chmod 700 \/etc\/luks-keys# dd if=\/dev\/urandom of=\/etc\/luks-keys\/new-key-file bs=1 count=4096# cryptsetup luksFormat \/dev\/sdb \/etc\/luks-keys\/new-key-file# cryptsetup luksUUID \/dev\/sdb# mv \/etc\/luks-keys\/new-key-file \/etc\/luks-keys\/48a05e5e-1338-4278-a5cb-69657b2423e4# chmod 400 \/etc\/luks-keys\/48a05e5e-1338-4278-a5cb-69657b2423e4# cryptsetup &#8211;key-file \/etc\/luks-keys\/48a05e5e-1338-4278-a5cb-9657b2423e4 open \/dev\/sdb luks-48a05e5e-1338-4278-a5cb-69657b2423e4# mkfs.ext4 \/dev\/mapper\/luks-48a05e5e-1338-4278-a5cb-69657b2423e4 # mount \/dev\/mapper\/luks-48a05e5e-1338-4278-a5cb-69657b2423e4 \/mnt\/luks\/# umount \/mnt\/luks# cryptsetup close luks-48a05e5e-1338-4278-a5cb-69657b2423e4# mount \/dev\/mapper\/luks-48a05e5e-1338-4278-a5cb-69657b2423e4 \/mnt\/luks\/# umount \/mnt\/luks# cryptsetup close luks-48a05e5e-1338-4278-a5cb-69657b2423e4 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[6,7],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/341"}],"collection":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=341"}],"version-history":[{"count":14,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/341\/revisions"}],"predecessor-version":[{"id":400,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/341\/revisions\/400"}],"wp:attachment":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}