cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1 cryptsetup luksOpen /dev/sdb1 TheHD mkfs.ext4 /dev/mapper/TheHD cryptsetup luksClose /dev/mapper/TheHD
cryptsetup luksOpen /dev/sdb1 theHD mount /dev/mapper/theHD /mnt
umount /mnt cryptsetup luksClose /dev/mapper/theHD
cryptsetup luksAddKey /dev/sda5
cryptsetup
asks to the initial passphrase on HD.
cryptsetup luksDump /dev/sda5
cryptsetup luksKillSlot /dev/sda5 2
cryptsetup luksRemoveKey /dev/sda5
cryptsetup luksChangeKey /dev/sda5
Generate key file as root
dd if=/dev/urandom of=/root/keyfile bs=1024 count=4 chmod 0400 /root/keyfile cryptsetup luksAddKey /dev/sdX /root/keyfile
ATTENTION: The hint is not tested.
The idea is to create a encrypted host, which is avialable after a forced reboot (e.g. after a power failure) via ssh.
The Idea:
cryptsetup luksOpen /dev/sda5 DopplerHome cryptsetup luksOpen /dev/sda6 DopplerSwap mkswap /dev/mapper/DopplerSwap mkfs.ext4 /dev/mapper/DopplerHome
cryptsetup luksOpen /dev/sda5 DopplerHome cryptsetup luksOpen /dev/sda6 DopplerSwap swapon /dev/mapper/DopplerSwap mount /dev/mapper/DopplerHome /home
Legen Sie nun eine Container-Datei an; entfällt bei einem vorhandenen Container:
dd if=/dev/urandom of=limejack.repro bs=1G count=80 losetup -f losetup /dev/loop0 limejack.repro cryptsetup --verbose --verify-passphrase luksFormat /dev/loop0 cryptsetup luksOpen /dev/loop0 LJRepro mkfs.ext4 /dev/mapper/LJRepro mount /dev/mapper/LJRepro /path/to/LimeJACK-Repro