diff --git a/pages/linux/cryptsetup-luksformat.md b/pages/linux/cryptsetup-luksformat.md new file mode 100644 index 0000000000..7eb272b793 --- /dev/null +++ b/pages/linux/cryptsetup-luksformat.md @@ -0,0 +1,17 @@ +# cryptsetup luksFormat + +> Initialize a LUKS partition and the initial key slot (0) with a passphrase or keyfile. +> Note: this operation overwrites all data on the partition. +> More information: . + +- Initialize a LUKS volume with a passphrase: + +`cryptsetup luksFormat {{/dev/sdXY}}` + +- Initialize a LUKS volume with a keyfile: + +`crypsetup luksFormat {{/dev/sdXY}} {{path/to/keyfile}}` + +- Initialize a LUKS volume with a passphrase and set its label: + +`cryptsetup luksFormat --label {{label}} {{/dev/sdXY}}` diff --git a/pages/linux/cryptsetup-open.md b/pages/linux/cryptsetup-open.md new file mode 100644 index 0000000000..a0d8b4a1f9 --- /dev/null +++ b/pages/linux/cryptsetup-open.md 
@@ -0,0 +1,26 @@ +# cryptsetup open + +> Create a decrypted mapping of an encrypted volume. +> Note: with TRIM enabled, minimal data leakage in form of freed block information, perhaps sufficient to determine the filesystem in use may occur. +> However, you still most likely want to enable it, because the data inside is still safe and SSDs without TRIM will wear out faster. +> More information: . + +- Open a LUKS volume and create a decrypted mapping at `/dev/mapper/mapping_name`: + +`cryptsetup open {{/dev/sdXY}} {{mapping_name}}` + +- Use a keyfile instead of a passphrase: + +`cryptsetup open --key-file {{path/to/file}} {{/dev/sdXY}} {{mapping_name}}` + +- Allow the use of TRIM on the device: + +`cryptsetup open --allow-discards {{/dev/sdXY}} {{mapping_name}}` + +- Write the `--allow-discards` option into the LUKS header (the option will then always be used when you open the device): + +`cryptsetup open --allow-discards --persistent {{/dev/sdXY}} {{mapping_name}}` + +- Open a LUKS volume and make the decrypted mapping read-only: + +`cryptsetup open --readonly {{/dev/sdXY}} {{mapping_name}}` diff --git a/pages/linux/cryptsetup.md b/pages/linux/cryptsetup.md index a53048d45d..7466f0c4ea 100644 --- a/pages/linux/cryptsetup.md +++ b/pages/linux/cryptsetup.md 
@@ -1,20 +1,25 @@ # cryptsetup -> Manage plain dm-crypt and LUKS (Linux Unified Key Setup) encrypted volumes. -> More information: . +> Manage plain `dm-crypt` and LUKS (Linux Unified Key Setup) encrypted volumes. +> Some subcommands such as `luksFormat` have their own usage documentation. +> More information: . -- Initialize a LUKS volume (overwrites all data on the partition): +- Initialize a LUKS volume with a passphrase (overwrites all data on the partition): -`cryptsetup luksFormat {{/dev/sda1}}` +`cryptsetup luksFormat {{/dev/sdXY}}` -- Open a LUKS volume and create a decrypted mapping at `/dev/mapper/target`: +- Open a LUKS volume and create a decrypted mapping at `/dev/mapper/mapping_name`: -`cryptsetup luksOpen {{/dev/sda1}} {{target}}` +`cryptsetup open {{/dev/sdXY}} {{mapping_name}}` + +- Display information about a mapping: + +`cryptsetup status {{mapping_name}}` - Remove an existing mapping: -`cryptsetup luksClose {{target}}` +`cryptsetup close {{mapping_name}}` -- Change the LUKS volume's passphrase: +- Change a LUKS volume's passphrase: -`cryptsetup luksChangeKey {{/dev/sda1}}` +`cryptsetup luksChangeKey {{/dev/sdXY}}`
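Review bot: the keyfile example in pages/linux/cryptsetup-luksformat.md misspells the command as `crypsetup luksFormat {{/dev/sdXY}} {{path/to/keyfile}}`, so anyone copying it gets a command-not-found error; it should read `cryptsetup`. The description warns that the operation overwrites all data on the partition, but none of the three bullets repeat it, whereas the main cryptsetup page keeps "(overwrites all data on the partition)" in its bullet; consider doing the same on the first example here.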
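Review bot: the TRIM note in the description of pages/linux/cryptsetup-open.md ("you still most likely want to enable it") gives a blanket recommendation for an option that the same note says leaks freed-block information, and the `--persistent` example then makes that option apply on every later open. Suggest stating the trade-off neutrally (what an observer of the disk can learn, what is gained on SSDs) and leaving the decision to the reader. The first sentence of the note also needs rewording: "in the form of" rather than "in form of", and a comma after "in use".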
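Review bot: the new description line in pages/linux/cryptsetup.md names only `luksFormat` as a subcommand with its own usage documentation, while this same patch also adds a page for `open`. Suggest naming both, or wording the line so it does not have to be updated each time a subcommand page is added. The luksFormat bullet here now duplicates the first example of the new luksFormat page; keeping it is reasonable given the overwrite warning it carries, but the two should stay worded consistently.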