Move cryptography to linux
This commit is contained in:
parent
82ab1d60fa
commit
aad8f5208d
@ -1,65 +0,0 @@
|
|||||||
<!DOCTYPE html>
|
|
||||||
<HTML LANG="en">
|
|
||||||
<HEAD>
|
|
||||||
<LINK HREF="http://www.trinity.moe/knowledge/cryptography" REL="canonical" />
|
|
||||||
<LINK HREF="https://raw.githubusercontent.com/devenblake/homepage/main/favicon.ico" REL="shortcut icon" TYPE="image/x-icon" />
|
|
||||||
<LINK HREF="/css/blank.css" ID="styling" REL="stylesheet" />
|
|
||||||
<META CHARSET="UTF-8" />
|
|
||||||
<META CONTENT="noindex" NAME="googlebot" /> <!-- FUCK GOOGLE -->
|
|
||||||
<META CONTENT="interest-cohort=()" HTTP-EQUIV="Permissions-Policy" /> <!-- FUCK GOOGLE -->
|
|
||||||
<META NAME="viewport" CONTENT="width=device-width, initial-scale=1" />
|
|
||||||
<TITLE>knowledge/cryptography</TITLE>
|
|
||||||
</HEAD>
|
|
||||||
<BODY>
|
|
||||||
<P><A HREF="/">~ Return to the rest of the site</A></P>
|
|
||||||
<SCRIPT SRC="/js/cookies.js" TYPE="application/javascript"></SCRIPT>
|
|
||||||
<SCRIPT SRC="/js/sheets.js" TYPE="application/javascript"></SCRIPT>
|
|
||||||
<SCRIPT TYPE="application/javascript">window.onload = window.initializesheets;</SCRIPT>
|
|
||||||
<H1>cryptography</H1>
|
|
||||||
<H3>updated 2021-11-09</H3>
|
|
||||||
<HR ALIGN="left" SIZE="1" WIDTH="25%" />
|
|
||||||
<P><B>
|
|
||||||
This information is not authoritative, nor from a place of deep knowledge.
|
|
||||||
</B></P>
|
|
||||||
<H2 ID="luks_partitioning">LUKS partitioning</H2>
|
|
||||||
<H3>Sources</H3>
|
|
||||||
<UL>
|
|
||||||
<LI><A HREF="https://www.cyberciti.biz/security/how-to-backup-and-restore-luks-header-on-linux/">How to backup and restore LUKS header on Linux</A></LI>
|
|
||||||
<LI><A HREF="https://devconnected.com/how-to-encrypt-partition-on-linux/">How To Encrypt Partition on Linux</A></LI>
|
|
||||||
<LI><A HREF="https://unixfuntime.wordpress.com/2012/08/20/luks-passphrases-changing-adding-removing/">LUKS passphrases: Changing, adding, removing</A></LI>
|
|
||||||
</UL>
|
|
||||||
<P>
|
|
||||||
To format a partition for LUKS, use <CODE>lsblk</CODE> to determine the physical block device location for that partition and run <CODE>cryptsetup luksFormat [<I>partition</I>]</CODE>.
|
|
||||||
The passphrase used can be changed or removed after creation.
|
|
||||||
</P>
|
|
||||||
<P>
|
|
||||||
To open a LUKS partition, use <CODE>cryptsetup luksOpen [<I>partition</I>] [<I>name</I>]</CODE>.
|
|
||||||
This <I>name</I> is the name the <I>decrypted block device</I> location will take in <CODE>/dev/mapper/</CODE>.
|
|
||||||
Before the decrypted block device has a filesystem it'll just be cleared space - use <CODE>mkfs.[<I>filesystem</I>] /dev/mapper/[<I>name</I>]</CODE>.
|
|
||||||
</P>
|
|
||||||
<P>
|
|
||||||
To mount an opened LUKS partition, use <CODE>mount(8)</CODE> as normal, just with the decrypted block device location.
|
|
||||||
</P>
|
|
||||||
<P>
|
|
||||||
To close an open LUKS partition, <CODE>umount(8)</CODE> it if it's open and <CODE>cryptsetup luksClose [<I>name</I>]</CODE>.
|
|
||||||
</P>
|
|
||||||
<P>
|
|
||||||
To make the LUKS partition openable via keyfile, first make a keyfile (<CODE>dd if=/dev/urandom of=/root/keyfile bs=1024 count=4</CODE> seems to work), and optionally make it readable by root only (<CODE>chmod 0400 [<I>keyfile</I>]</CODE>).
|
|
||||||
Then add the keyfile to the partition's LUKS header with <CODE>cryptsetup luksAddKey [<I>physical partition block device</I>] [<I>keyfile</I>]</CODE>.
|
|
||||||
</P>
|
|
||||||
<H2>SSH keys</H2>
|
|
||||||
<H3>Sources</H3>
|
|
||||||
<UL>
|
|
||||||
<LI><A HREF="https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account">Adding a new SSH key to your GitHub account</A> (GitHub Docs)</LI>
|
|
||||||
<LI><A HREF="https://docs.github.com/en/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys">Checking for existing SSH keys</A> (GitHub Docs)</LI>
|
|
||||||
<LI><A HREF="Generating a new SSH key and adding it to the ssh-agent">Generating a new SSH key and adding it to the ssh-agent</A> (GitHub Docs)</LI>
|
|
||||||
</UL>
|
|
||||||
<P>SSH keys are typically stored in <CODE>$HOME/.ssh</CODE>.</P>
|
|
||||||
<P>Typically, the public key's filename will be suffixed with <CODE>.pub</CODE>, while the private key will not.</P>
|
|
||||||
<P>You can generate an SSH key with <CODE>ssh-keygen(1)</CODE>. Currently the preferred implementation is <CODE>openssh-keygen</CODE>, part of the OpenSSH suite.</P>
|
|
||||||
<P>
|
|
||||||
Microsoft GitHub documentation suggests a user create a key with <CODE>ssh-keygen -t ed25519 -C "[<I>e-mail address</I>]"</CODE>.
|
|
||||||
This generates an <A HREF="https://en.wikipedia.org/wiki/EdDSA#Ed25519">Ed25519</A> SSH key with an e-mail address in the key comment.
|
|
||||||
</P>
|
|
||||||
</BODY>
|
|
||||||
</HTML>
|
|
||||||
@ -76,6 +76,8 @@ Debian is a Linux software distribution known for its stability and longevity.
|
|||||||
Debian uses SystemD as its initialization system, the GNU core utilities, and dpkg and apt for package management.
|
Debian uses SystemD as its initialization system, the GNU core utilities, and dpkg and apt for package management.
|
||||||
</P>
|
</P>
|
||||||
|
|
||||||
|
<H2 ID="fonts">Fonts</H2>
|
||||||
|
|
||||||
<H2 ID="fstab">fstab</H2>
|
<H2 ID="fstab">fstab</H2>
|
||||||
<P>See <CODE>fstab(5).</CODE></P>
|
<P>See <CODE>fstab(5).</CODE></P>
|
||||||
<P>postmarketOS requires that the <CODE>localmount</CODE> OpenRC service be enabled for the system to read <CODE>fstab(5)</CODE>.
|
<P>postmarketOS requires that the <CODE>localmount</CODE> OpenRC service be enabled for the system to read <CODE>fstab(5)</CODE>.
|
||||||