LUKS Disk Encryption

We can easily add a key file to LUKS disk encryption on Linux when running the cryptsetup command. A key file is used as the passphrase to unlock an encrypted volume. The passphrase allows Linux users to open encrypted disks utilizing a keyboard or over an ssh-based session. There are different types of key files we can add and enable LUKS disk encryption on Linux as per our needs:

  1. Passphrase keyfile – It is a key file holding a simple passphrase.
  2. Random text keyfile – This is a key file comprising a block of random characters which is much more resistant to dictionary attacks than a simple passphrase-based key file.
  3. Binary keyfile – We can defile an image, video, or any other static binary file as key file for LUKS. It makes it harder to identify as a key file. It would look like a regular image file or video clip to the attacker instead of a random text keyfile.

Let us see how to enable LUKS disk encryption with a key file.
[continue reading…]

On Linux, we encrypt our partitions and entire disk using Linux Unified Key Setup-on-disk-format (LUKS) for security and privacy reasons. We unlock LUKS protected disk by providing a passphrase at boot time. You need to be in front of your computer or use a remote console to open the encrypted disk under Linux at boot time. However, if your system is in the basement, remote datacenter/office, or upstairs office, you won’t able to unlock and boot your Linux box. We can use the Dropbear SSH server for LUKS encrypted Debian or Ubuntu or any other Linux distro via SSH to solve this problem. Let us see how to unlock LUKS using Dropbear SSH keys in Linux at boot time.
[continue reading…]

We use encryption to protect mobile devices. For instance, I always use LUKS disk encryption to protect all files stored on my SSD. Dm-crypt (Cryptsetup and LUKS) open-source disk encryption is transparent disk encryption and a great way to keep your data secure. However, changing passphrase is a bit of a challenge for new Linux users and developers. This step-by-step guide explains how to find LUKS slots assigned to you and change your passphrase on a Debian/Ubuntu, CentOS/RHEL, OpenSUSE/SUSE other Linux distros.
[continue reading…]