Questions tagged [cryptsetup]
cryptsetup is a command-line utility for managing disk volumes encrypted using the dm-crypt kernel subsystem (Linux versions 2.6 up and DragonFly BSD).
246
questions
0
votes
1
answer
36
views
Ext4 filesystem in LUKS container - container size calculation
On my Linux system I have a file "1gb.file" that is 1073741824 bytes in size.
This file I'll put into a LUKS container ("1gb.file.crypt") with ext4 filesystem inside.
What size ...
- 153
3
votes
2
answers
271
views
Does crypttab's "key-slot" option mean LUKS will try that keyslot "only", or "first"?
I am following the Debian dev's guide to full disk encryption. I am currently on Section 4, step 3- editing /etc/crypttab.
In the guide, in section 3 they set up keyslot 0 for something else and now ...
- 69
1
vote
1
answer
43
views
Using cryptsetup and mount without sudo
I'm trying to build a CLI to easily manage the backups I have on my hard drives. Currently I use LUKS to encrypt the drives and duplicity to manage the backup process, and I have a simple bash script ...
- 11
0
votes
0
answers
31
views
What is correct cipher name for the cryptsetup to use HCTR2 wideblock encryption?
By googling, trial and error I came up with the following string:
cryptsetup benchmark -c aes-xctr-plain64
but I'm not sure whether it is correct.
The cipher spec aes-xctr-plain64,polyval-generic ...
- 143
0
votes
0
answers
53
views
Why is the --integrity switch in cryptsetup luksFormat still considered experimental?
As of 2024, the --integrity switch in cryptsetup luksFormat is still marked as experimental in the cryptsetup manpage:
WARNING: This extension is EXPERIMENTAL and requires dm-integrity kernel ...
- 141
0
votes
0
answers
52
views
run a date command before unlocking encrypted volume at startup
When the PC boots up I have to enter quite a long password to unlock the hard drive.
Next, Debian proceeds to boot, and only once it has booted and I have then entered the login credentials can I see ...
- 602
0
votes
1
answer
267
views
cryptsetup: "Walting for encrypted source device" when removing disk from RAID1
I'm under Debian 12 bookworm. Partition layout is as follows:
sdX1 (EFI files)
sdX2 (boot, md-raid1)
sdX3 (root, dm-crypt, luks, md-raid1)
As soon as i remove one of the disks and try to boot from a ...
1
vote
2
answers
149
views
How risky is it writing a mounted bitlocker decrypted windows ntfs partition
I setup up a multi os system with Windows11 and Linux.
I found out, that it's possible to mount bitlocker encrypted ntfs windows partition (/dev/sda3 as root) from linux:
cryptsetup bitlkDump /dev/...
0
votes
1
answer
50
views
Would there be a difference in running cryptsetup from a Ubuntu USB FD vs internal disk?
Meaning Ubuntu installed on a USB vs an HDD. Would it make a difference security wise, example speed with USB during luksFormat with the specified iter time? Or a difference running it through USB or ...
user490829
2
votes
1
answer
121
views
how to close encrypted partition with nested partition table?
If I create an encrypted partition using cryptsetup
cryptsetup -q luksFormat /dev/vdb3 /tmp/pwfile
cryptsetup -d /tmp/pwfile luksOpen /dev/vdb3 pv00
and setup a nested gpt partition table on /dev/...
- 23
1
vote
1
answer
471
views
Encrypted LVM "is not a valid LUKS device", cannot boot or open
I have an Arch installation on a LUKS-encrypted LVM. After I installed Debian on a different NVME drive I'm no longer able to cryptsetup open the partition from other systems, nor can I boot into Arch....
- 21
0
votes
0
answers
80
views
Command needed to mount a LUKS partition on ubuntu
Ubuntu -
I need to mount my LUKS encrypted partitions in read only mode.
Have searched online, but no commands have worked.
$ lsblk
SDA 8:0 0 5.5T 0 disk
SDA1 8:1 0 1.4T 0 part
Partition name 253:0 1....
0
votes
2
answers
519
views
Warning from cryptsetup-initramfs
Since today I get the following warning when running update-initramfs -u:
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries
nor crypto modules. If that's on purpose, ...
- 135
0
votes
1
answer
646
views
Ubuntu 22.04 cryptsetup-reencrypt fails with "Cannot exclusively open /dev/mmcblk0p3, device in use"
I have an Ubuntu 22.04 system and need to change the LUKS encryption key and re-encrypt the data. This is the root filesystem, so I can't unmount it, and I don't have physical access to boot a live ...
- 109
0
votes
0
answers
33
views
cryptsetup create quits after a first password letter
I've got a simple script that's been used for years and years on one particular server to mount an encrypted home partition. It's got this line to create /dev/mapper/cr_sdb1:
cryptsetup create cr_sdb1 ...
- 51