Unix and Linux Stack Exchange
Unix and Linux Stack Exchange

Questions tagged [luks]

Questions specific to LUKS (Linux Unified Key Setup) disk-encryption specification in general, such as setup questions or questions about how LUKS works. Use this tag if your question directly involves the LUKS disk encryption; do not use it if you just happen to be using an encrypted LUKS disk and your question is about a specific Linux configuration.

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption. LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

Website: https://gitlab.com/cryptsetup/cryptsetup

Wikipedia: http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

770 questions
67
votes
9 answers

Extend a LUKS encrypted partition to fill disk

I recently upgraded my disk from a 128GB SSD to 512GB SSD. The / partition is encrypted with LUKS. I'm looking for help extending the partition to use all the free space on the new disk. I've already dd'd the old drive onto the new…
NisplayDame
  • 1,671
  • 1
  • 10
  • 9
36
votes
1 answer

How do I change a LUKS password?

I would like to change a LUKS password. I want to remove my old password, but I would like to try out my new password before removing the original. I obviously know the old password. I would like to use the terminal not GUI. I have sensitive data on…
user
  • 2,227
  • 6
  • 20
  • 25
35
votes
2 answers

Detemine which luks slot a passphrase is in

I have a luks-encrypted partition that was protected by a passphrase and a key file. The key file was for routine access and the passphrase was in a sealed envelope for emergencies. May months went by and I accidentally shredded the key file, so I…
Huckle
  • 975
  • 2
  • 8
  • 30
32
votes
1 answer

Change password on a LUKS filesystem without knowing the password

I have a Debian Wheezy server that's been running for a while with an encrypted drive. The password for the encrypted drive (/dev/sda5) was lost when my encrypted password file was corrupted. I'd like to be able to reboot this server, but that will…
Ethan
  • 433
  • 1
  • 4
  • 6
31
votes
2 answers

List open dm-crypt LUKS volumes

If I mount a simple loop device, losetup -a give me the devices opened. Is something similar possible with cryptsetup?
elbarna
  • 12,050
  • 22
  • 92
  • 170
29
votes
4 answers

How to remove LUKS encryption?

I tried removing LUKS encryption on my home directory using the following command: cryptsetup luksRemoveKey /dev/mapper/luks-3fd5-235-26-2625-2456f-4353fgdgd But it gives me an error saying: Device /dev/mapper/luks-3fd5-235-26-2625-2456f-4353fgdgd…
Question Overflow
  • 4,568
  • 19
  • 57
  • 84
27
votes
3 answers

Best practice to backup a LUKS encrypted device

What's the fastest method to backup and restore a luks encrypted device (e.g. a full encrypted usb-device to a image-file). The usb-device can be decrypted/accessed. I'm looking for a solution to mount the backup image as a file (encryped). Can it…
mate64
  • 1,469
  • 5
  • 16
  • 24
26
votes
5 answers

How can I set a label on a dm-crypt+LUKS container?

I just received a new USB flash drive, and set up 2 encrypted partitions on it. I used dm-crypt (LUKS mode) through cryptsetup. With an additional non-encrypted partition, the drive has the following structure: /dev/sdb1, encrypted, hiding an ext4…
John WH Smith
  • 15,500
  • 6
  • 51
  • 62
25
votes
2 answers

How to determine what encryption is being used a LUKS partition?

What command can be used to determine the used encryption on a LUKS partition (all the relevant information, initialization vector, generation scheme, mode of operation and block cipher primitive)?
user
  • 2,227
  • 6
  • 20
  • 25
25
votes
1 answer

Abysmal general dm-crypt (LUKS) write performance

I am investigating a problem where encrypting a block device imposes a huge performance penalty when writing to it. Hours of Internet reading and experiments did not provide me with a proper understanding, let alone a solution. The question in…
schlimmchen
  • 1,307
  • 2
  • 12
  • 16
23
votes
2 answers

How can I shrink a LUKS partition, what does `cryptsetup resize` do?

I am in progress of resizing a LUKS encrypted partition that contains a single ext4 filesystem (no LVM or something). The cryptsetup FAQ recommends to remove the old partition and recreate it, but that sounds like wasting a lot time. Therefore I…
Lekensteyn
  • 20,173
  • 18
  • 71
  • 111
20
votes
1 answer

Restore a LUKS partition that was overwritten by pvcreate

I accidentally created a new physical volume over my LUKS partition; nothing else happened. The LUKS partition contains a LVM setup and the root partition (this setup was initially created by the debian installer). I can see that the LUKS partition…
Philipp Ludwig
  • 395
  • 1
  • 14
19
votes
1 answer

What does `cryptsetup resize` do if LUKS doesn't store partition size?

The LUKS / dm-crypt / cryptsetup FAQ page says: 2.15 Can I resize a dm-crypt or LUKS partition? Yes, you can, as neither dm-crypt nor LUKS stores partition size. I'm befuzzled: What is "resized" if no size information is stored? How does a…
Tom Hale
  • 28,728
  • 32
  • 139
  • 229
19
votes
2 answers

How to change the hash-spec and iter-time of an existing dm-crypt LUKS device?

How can I change the hash-spec and iter-time of an existing dm-crypt LUKS device? Clearly I can pass the options if I create a new device, for example something like this: sudo cryptsetup luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256…
student
  • 17,875
  • 31
  • 103
  • 169
18
votes
2 answers

Is there a way to encrypt disk without formatting it?

When I was installing my OS, I didn't encrypt. Is there a way to encrypt it now without formatting and without losing any data? I read a few guides how to encrypt and every one says that I need to backup all my data because I will lose it. Is there…
user
  • 181
  • 1
  • 1
  • 3
1
2 3
51 52