Luks

Installation

sudo apt-get install cryptsetup
sudo yum install cryptsetup-luks

Setup

Creating a Luks encrypted USB disk

  1. Format the device and set the password

bash cryptsetup -y -v luksFormat /dev/xvdc

  1. Open the container

bash sudo cryptsetup luksOpen /dev/xvdc backup

  1. Verify the mapper has been assigned and the container opened correctly.

bash ls -l /dev/mapper/backup

  1. Put a filesystem on it. First zero the partition and the put the FS on it. This can take hours and depends on the size of the disk used and the system resources (2TB took ~20h for me).

    ```bash

    Without Progress bar:

    sudo dd if=/dev/zero of=/dev/mapper/backup

    With progress bar:

    sudo time pv -tpreb /dev/zero | sudo dd of=/dev/mapper/backup bs=128M ````

    ```bash

    Create a FS:

    sudo mkfs.ext4 /dev/mapper/backup ```

Maintenance

Status

View the status of a current mapping

sudo cryptsetup -v status backup

Mount

Mount and access the data at /mnt/disk

sudo cryptsetup luksOpen /dev/xvdc backup
sudo mount /dev/mapper/backup /mnt/disk

Unmount

Unmount the disk and close the container.

sudo umount /mnt/disk
sudo cryptsetup luksClose backup

Change passphrase

New passphrase needs to be provided.

sudo cryptsetup luksDump /dev/xvdc
sudo cryptsetup luksAddKey /dev/xvdc

Remove passphrase

The old passphrase needs to be entered.

sudo cryptsetup luksRemoveKey /dev/xvdc