move non platform specific LUKS stuff to cryptography.html

dtb
2021-11-09 07:58:21 -05:00
parent ec98c77aae
commit 7e323d6772
2 changed files with 31 additions and 30 deletions


@@ -16,11 +16,37 @@
<SCRIPT SRC="/js/sheets.js" TYPE="application/javascript"></SCRIPT>
<SCRIPT TYPE="application/javascript">window.onload = window.initializesheets;</SCRIPT>
<H1>cryptography</H1>
<H3>updated 2021-10-14</H3>
<H3>updated 2021-11-09</H3>
<HR ALIGN="left" SIZE="1" WIDTH="25%" />
<P><B>
This information is not authoritative, nor from a place of deep knowledge.
</B></P>
<H2 ID="luks_partitioning">LUKS partitioning</H2>
<H3>Sources</H3>
<UL>
<LI><A HREF="https://www.cyberciti.biz/security/how-to-backup-and-restore-luks-header-on-linux/">How to backup and restore LUKS header on Linux</A></LI>
<LI><A HREF="https://devconnected.com/how-to-encrypt-partition-on-linux/">How To Encrypt Partition on Linux</A></LI>
<LI><A HREF="https://unixfuntime.wordpress.com/2012/08/20/luks-passphrases-changing-adding-removing/">LUKS passphrases: Changing, adding, removing</A></LI>
</UL>
<P>
To format a partition for LUKS, use <CODE>lsblk</CODE> to determine the physical block device location for that partition and run <CODE>cryptsetup luksFormat [<I>partition</I>]</CODE>.
The passphrase used can be changed or removed after creation.
</P>
<P>
To open a LUKS partition, use <CODE>cryptsetup luksOpen [<I>partition</I>] [<I>name</I>]</CODE>.
This <I>name</I> is the name the <I>decrypted block device</I> location will take in <CODE>/dev/mapper/</CODE>.
Before the decrypted block device has a filesystem it'll just be cleared space - use <CODE>mkfs.[<I>filesystem</I>] /dev/mapper/[<I>name</I>]</CODE>.
</P>
<P>
To mount an opened LUKS partition, use <CODE>mount(8)</CODE> as normal, just with the decrypted block device location.
</P>
<P>
To close an open LUKS partition, <CODE>umount(8)</CODE> it if it's open and <CODE>cryptsetup luksClose [<I>name</I>]</CODE>.
</P>
<P>
To make the LUKS partition openable via keyfile, first make a keyfile (<CODE>dd if=/dev/urandom of=/root/keyfile bs=1024 count=4</CODE> seems to work), and optionally make it readable by root only (<CODE>chmod 0400 [<I>keyfile</I>]</CODE>).
Then add the keyfile to the partition's LUKS header with <CODE>cryptsetup luksAddKey [<I>physical partition block device</I>] [<I>keyfile</I>]</CODE>.
</P>
<H2>SSH keys</H2>
<H3>Sources</H3>
<UL>
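Review bot: In the keyfile paragraph that closes the LUKS section, the permission step is marked optional and comes after the file has been written, so the keyfile sits at default-umask permissions until `chmod 0400` runs; I'd drop "optionally" and have the text set a restrictive umask before the `dd`, and replace "seems to work" with a statement of what the command produces (4 KiB read from /dev/urandom). The `dd` example also hardcodes `/root/keyfile` while the `chmod` and `luksAddKey` commands use the `[keyfile]` placeholder, so pick one form and use it throughout. Smaller points in the same hunk: "umount(8) it if it's open" should read "if it's mounted", the `luksFormat` paragraph does not say that formatting destroys whatever is already on the partition, and the first source is about LUKS header backup and restore, which the moved text never covers, so either add a short paragraph on it or drop the link.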