Cryptsetup

From S23Wiki
Jump to: navigation, search

cryptsetup

the allround linux Crypt disk toy

Open / Mount

The cryptsetup util will map a crypted disk / file as a normal mountpoint you can then mount the mapped drive

cryptsetup open --type [plain|luks|luks1|luks2|loopaes|tcrypt] /home/user1/private_file private_mountname
mount /dev/mapper/private_mountname /mnt/private_mount_point


Veracrypt / Truecrypt

cryptsetup open --type tcrypt --veracrypt  /home/user1/private_file private_map_name
mount /dev/mapper/private_map_name /mnt/private_mount_point

Check Status

cryptsetup status private_map_name

Close / Unmount

you must remember to sync and unmount the mount before closing it

# sync
# umount /mnt/private_mount_point
# cryptsetup close private_map_name

Using cryptsetup with LUKS disks

Install LUKS

apt-get install lvm2 cryptsetup
modprobe | grep dm_crypt
fdisk -l

Open LUKS

cryptsetup luksOpen /dev/sda5 crypt1

or the more modden way is

cryptsetup open --type luks /dev/sda5 crypt1


Add the keyfile to LUKS

cryptsetup luksAddKey /dev/sdX /root/keyfile

Auto mount

add the drive to the "/etc/crypttab"

sdX_crypt      /dev/sdX  /root/keyfile  luks

or use the uuid:

ls -l /dev/disk/by-uuid/
sdX_crypt      /dev/disk/by-uuid/247ad289-dbe5-4419-9965-e3cd30f0b080  /root/keyfile  luks


Start Crypt disks

cryptdisks_start <disk name from crypttab>
cryptdisks_stop <disk name from crypttab>