-
Install the tools
- apt-get install cryptsetup
-
-y for password confirmation prompt
- cryptsetup -y -v luksFormat /dev/sdx ## THIS DELETES ALL THE DATA
-
Open it and look at status
- cryptsetup luksOpen /dev/sda1 sda1crypt
- cryptsetup -v status sda1crypt
-
Zero the contents device (looks like random data to keyless observers)
- dd if=/dev/zero of=/dev/mapper/sda1crypt bs=128M
- NOTE:
killall -USR1 ddwill print status
-
Put a filesystem on it
- mkfs.ext4 /dev/mapper/sda1crypt
-
Mount it
- mkdir /mnt/sda1crypt
- mount /dev/mapper/sda1crypt /mnt/sda1crypt
-
Unmount it
- umount /mnt/sda1crypt
-
Unmap it
- cryptsetup luksClose sda1crypt
-
Dump header
- sudo cryptsetup luksHeaderBackup /dev/sda3 –header-backup-file luksHeader.bin
-
Test passphrase or keyfile
- sudo cryptsetup open –verbose –test-passphrase luksHeader.bin
- sudo cryptsetup open –verbose –test-passphrase /dev/sda3
- sudo cryptsetup open –verbose –test-passphrase –key-file MyKeyFile.txt /dev/sda3
-
Add a new passphrase or keyfile
- sudo cryptsetup luksAddKey /dev/sda3
- sudo cryptsetup luksAddKey /dev/sda3 MyKeyFile.txt
-
See how many slots are active
- sudo cryptsetup luksDump /dev/sda3
- This will output all settings of luks for this partition.
- sudo cryptsetup luksDump /dev/sda3
-
Remove a password slot
- sudo cryptsetup luksRemoveKey /dev/sda3
- You have to enter the password which you want to delete (it will automatically find the correct password slot
- sudo cryptsetup luksKillSlot /dev/sda3 2
- This will delete password slot 2 (you have to enter the password of any other password slot, but not of slot 2
- This works even if you don’t know the password of slot 2
- sudo cryptsetup luksRemoveKey –key-file MyKeyFile.txt /dev/sda3
- Removes the key file MyKeyFile.txt if it is valid
- sudo cryptsetup luksRemoveKey /dev/sda3