LUKS
Usage
Setup ciphered disk with partitions
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat {device}
cryptsetup luksOpen {device} {name}
- Create partitions and format.
(https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode)
Add a keyfile
First, create the keyfile with
dd bs=512 count=4 if=/dev/random of=/etc/mykeyfile iflag=fullblock
This will generate a keyfile of 2048 random bytes in the specified location.
Then, set the proper permissions with
chmod 600 /etc/mykeyfile
Then, add the keyfile to the LUKS header with
cryptsetup luksAddKey {luks_partition} /etc/mykeyfile
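The keyfile steps above as one added shell example (not part of the original page): it creates the file under `umask 077`, so the key material is never readable by other users in the window between `dd` and `chmod`, and it checks size and mode before the key is enrolled. The function names `make_keyfile` and `audit_keyfile` and the optional source-device argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: create and audit a LUKS keyfile before enrolling it.
# Function names and the optional SOURCE argument are hypothetical.

# make_keyfile PATH [SOURCE]
# Writes 4 x 512 = 2048 random bytes, as in the dd command above.
make_keyfile() {
    keyfile=$1
    src=${2:-/dev/random}
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite existing $keyfile" >&2
        return 1
    fi
    (
        # The subshell keeps the umask change local; dd then creates the
        # file as 0600, so it is never group- or world-readable.
        umask 077
        dd bs=512 count=4 if="$src" of="$keyfile" iflag=fullblock 2>/dev/null
    )
}

# audit_keyfile PATH
# Succeeds only for a regular file (not a symlink) of exactly 2048 bytes
# with no permission bits set for group or others. Uses GNU stat.
audit_keyfile() {
    keyfile=$1
    if [ -L "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "$keyfile: not a regular file" >&2
        return 1
    fi
    size=$(stat -c %s "$keyfile")
    mode=$(stat -c %a "$keyfile")
    if [ "$size" -ne 2048 ]; then
        echo "$keyfile: expected 2048 bytes, found $size" >&2
        return 1
    fi
    case $mode in
        *00) return 0 ;;   # e.g. 600 or 400: owner-only access
        *)   echo "$keyfile: mode $mode is too permissive" >&2
             return 1 ;;
    esac
}

# Typical use as root, with the placeholder from the step above:
#   make_keyfile /etc/mykeyfile && audit_keyfile /etc/mykeyfile \
#     && cryptsetup luksAddKey {luks_partition} /etc/mykeyfile
```

After enrolling, `cryptsetup open --test-passphrase --key-file /etc/mykeyfile {luks_partition}` confirms that the keyfile unlocks a keyslot without mapping the device.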
Change the passphrase
To change a passphrase of a LUKS device to another:
cryptsetup luksChangeKey {device}
You will be prompted for the old passphrase, then for the new one twice. The device can be unlocked and in use while the passphrase is changed.
Reference
- (https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile) Automatically unlock LUKS drives.
- (https://www.maketecheasier.com/change-luks-encryption-passphrase/)