Stack Overflow
Stack Overflow

Questions tagged [luks]

The Linux Unified Key Setup or is a disk-encryption specification created by Clemens Fruhwirth in 2004 and originally intended for .

While most disk software implements different and incompatible, undocumented formats, LUKS specifies a platform-independent standard on-disk format for use in various tools. This not only facilitates compatibility and interoperability amongst different programs, but also assures that they all implement password management in a secure and documented manner.

The reference implementation for LUKS operates on Linux and is based on an enhanced version of cryptsetup, using dm-crypt as the disk encryption backend. Under Microsoft Windows, LUKS-encrypted disks can be used with LibreCrypt (formerly DoxBox).

References:

59 questions
21
votes
5 answers

How to load LUKS passphrase from USB, falling back to keyboard?

I want to set up a headless Linux (Debian Wheezy) PC with whole disk encryption, with the ability to unlock the disk either with a USB drive, or by entering a passphrase by keyboard. My starting point is a fresh install using the basic whole disk…
Andrew
  • 5,611
  • 3
  • 27
  • 29
15
votes
0 answers

Autologin and unlock keyring using LUKS passphrase?

I use LUKS full disk encryption on my archlinux system. When i boot my system i used to input the same password three times. That always bothered me. Recently i found out how to unlock the gnome keyring using the login password. Now i would really…
xophos
  • 366
  • 4
  • 19
3
votes
1 answer

LUKS and dm-crypt distinction responsibilities

Reading through the documentation of both dm-crypt and LUKS, I understand that LUKS is a format specification to allow FDE, and that dm-crypt is a dm target which allows encryption / decryption of writes / reads to the block device. However, I'm…
Jasper
  • 302
  • 3
  • 11
3
votes
3 answers

Receiving "No key available with this passphrase" with LUKS

My laptop has an encrypted disk. After an apt upgrade and some hours later a force shutdown my passphrase doesn't decrypt my disk anymore. I booted from a debian live usb stick and tried several things: Can I decrypt the partition with my…
Enthusiasmus
  • 303
  • 2
  • 9
3
votes
2 answers

Volume that is encrypted and not accessible by host?

I want a Docker container which has a storage volume which is inaccessible by the host machine. I have followed this guide, which uses the docker-lvm-plugin plugin to mount a LUKS crypt volume. With some amendments to the approach I ended up doing…
sdgluck
  • 24,894
  • 8
  • 75
  • 90
3
votes
1 answer

How do I make cryptsetup automatically use a key file during mount time?

I am programmatically invoking cryptsetup and would like to pass in a key file on demand at the command line (not interactively). How can I use cryptsetup with luks to take in a key file at the command line?
steve landiss
  • 1,833
  • 3
  • 19
  • 30
3
votes
1 answer

fsync on mapped crypted device with dm-crypt?

I have a question about dm-crypt. Here is my situation. I have an encrypted partition mapped (encrypted in virtual device) using the cryptsetup command in Linux. I am opening the mapped virtual device in a c-program using the open() function. Can i…
mediata
  • 65
  • 1
  • 4
2
votes
0 answers

Nixos zfs encrypted boot installation

I've followed several guides[1,2,3] but cannot get this working. Grub does not prompt me for my password to unlock the disk, and instead I am greeted with this prompt: error: no such device: 397411472d225490. error: unknown filesystem. Entering…
mrbrich
  • 853
  • 1
  • 8
  • 9
2
votes
1 answer

systemd: unlock LUKS encrypted mdadm raid on boot

I set up a RAID using this guide: https://wiki.debian.org/SoftwareRAID on a minimal Stretch install. After that, I cryptsetup luksFormat'ed /dev/md0 (without using LVM). The problem is that the encrypted partition isn't unlocked automatically. My…
trilean
  • 515
  • 5
  • 11
2
votes
0 answers

docker with device-mapper and luks

I'm trying to have docker container stored in a luks device, but using the below command it is not working. I'm also trying to have a docker container to use (and maybe open) a luks file as a volume data, but I don't know how to bind it to the…
gartcimore
  • 43
  • 9
2
votes
0 answers

cryptsetup backend safe with multithreading?

Is there a crypto backend for cryptsetup that either is always thread safe, or can be easily used (or even modified, preferably with minimal effort) in a thread safe manner for simply testing if a key is correct? Background and what I have tried: I…
AttributedTensorField
  • 803
  • 1
  • 8
  • 15
1
vote
0 answers

LUKS2 Encryption NOT Accepting Correct Passphrase

LUKS2 Encryption NOT Accepting Correct Passphrase, please help me to fix. I've the key saved in my "seahorse". It used to work flawlessly until a kernel/apt update. I've attempted, without any…
SethuIT
  • 11
  • 2
1
vote
2 answers

Destroying luks header on dm-crypt linux

I am trying to destroy the luks header on one of my logical volume data1, I am still able to read the file inside data1 after I delete the luks header. I suppose it should not be the case right? Can someone help me in understanding this case? lsblk…
James Sapam
  • 16,036
  • 12
  • 50
  • 73
1
vote
1 answer

How to prevent git from writing files outside user home directory

Problem: Hello team, I'm trying to secure my developer account, the Linux home directory is sitting on top a LUKS encrypted partition. The idea is that if the machine is stolen then the thief will get a nice bricked system as the encrypted…
josevnz
  • 45
  • 1
  • 7
1
vote
0 answers

Why does Cassandra read much more data from disk than required?

We are running Cassandra 3.0.16 on a cluster of i3.2xl instances in AWS. The volumes that store data are encrypted using Luks. We are running a job that needs to read 3TB of data from two tables by running individual queries on single record keys.…
Glen Ireland
  • 11
  • 2
1
2 3 4