tags: linux, cryptsetup, luks, security date: 2018-03-31
cryptsetup isLuks <device>
Returns 0(zero), if <device> is a LUKS device, 1 otherwise. Use option -v to get human-readable feedback.
‘Command successful.’ means the device is a LUKS device.
dd bs=512 count=4 if=/dev/urandom of=/boot/sda3.key
cryptsetup -d /boot/sda3.key luksFormat /dev/sda3
cryptsetup -d sv0.jpg -l 4096 luksFormat /dev/sda4
--key-file, -d name
Read the passphrase from file.
If the name given is "-", then the passphrase will be read from stdin. In this case, reading will not stop at newline characā
ters.
With LUKS, passphrases supplied via --key-file are always the existing passphrases requested by a command, except in the case of
luksFormat where --key-file is equivalent to the positional key file argument.
--keyfile-size, -l value
Read a maximum of value bytes from the key file. The default is to read the whole file up to the compiled-in maximum that can be
queried with --help. Supplying more data than the compiled-in maximum aborts the operation.
This option is useful to cut trailing newlines, for example. If --keyfile-offset is also given, the size count starts after the
offset. Works with all commands that accept key files.
cryptsetup open --type luks -d sv0.jpg -l 4096 /dev/sda4 sda4_lvmcrypt
cryptsetup -d inna.jpg -l 1906 luksFormat /dev/sdb3
cryptsetup luksOpen -d inna.jpg -l 1906 /dev/sdb3 sdb3_luks
mount /dev/mapper/sdb3_luks /mnt/home