42 lines
No EOL
1 KiB
Markdown
42 lines
No EOL
1 KiB
Markdown
---
|
|
aliases: ["dm-crypt"]
|
|
obj: filesystem
|
|
---
|
|
# LUKS
|
|
a transparent disk encryption subsystem in the [Linux](../Linux.md) kernel. It is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software [RAID](RAID.md) volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or as an [LVM](LVM.md) physical volume
|
|
|
|
## Usage
|
|
Initialize device:
|
|
```shell
|
|
cryptsetup luksFormat device
|
|
```
|
|
|
|
Open device:
|
|
```shell
|
|
cryptsetup open device dmname
|
|
```
|
|
Device will be mapped in `/dev/mapper/dmname`
|
|
|
|
Close device:
|
|
```shell
|
|
cryptsetup close dmname
|
|
```
|
|
|
|
Show device info:
|
|
```shell
|
|
cryptsetup luksDump device
|
|
```
|
|
|
|
Resize device:
|
|
```shell
|
|
cryptsetup resize device
|
|
```
|
|
|
|
## Crypttab
|
|
Define crypto targets in `/etc/crypttab`
|
|
```
|
|
name underlying device passphrase cryptsetup options
|
|
backup /dev/sdb1 /key/backup.key
|
|
```
|
|
|
|
After devices are unlocked they can be mounted using fstab. |