Comments on: How to Encrypt Drives Using LUKS in Fedora Linux https://www.tecmint.com/encrypt-drives-using-luks-in-fedora-linux/ Tecmint - Linux Howtos, Tutorials, Guides, News, Tips and Tricks. Tue, 02 Jun 2020 17:40:05 +0000 hourly 1 By: jamacoe https://www.tecmint.com/encrypt-drives-using-luks-in-fedora-linux/comment-page-1/#comment-1336229 Tue, 02 Jun 2020 17:40:05 +0000 https://www.tecmint.com/?p=32888#comment-1336229 In reply to jamacoe.

Hi @aaron:

In fstabs I have to include ‘defaults‘ after the file system xfs, otherwise, I boot to service mode.

]]> By: jamacoe https://www.tecmint.com/encrypt-drives-using-luks-in-fedora-linux/comment-page-1/#comment-1336227 Tue, 02 Jun 2020 17:23:05 +0000 https://www.tecmint.com/?p=32888#comment-1336227 In reply to jamacoe.

Same with restore:

[root@centos7 backups]# ls -l /root/backups/luk*

-r——–. 1 root root 1052672 2. Jun 18:59 /root/backups/luk-back
[root@centos7 backups]# cryptsetup -v luksHeaderRestore –header-backup-file /root/backups/luk-back /dev/mapper/luk-a6ca7926-d9b9-4633-8567-7c42d1f1d1d9

WARNING!
========
Device /dev/mapper/luk-a6ca7926-d9b9-4633-8567-7c42d1f1d1d9 does not contain LUKS header. Replacing header can destroy data on that device.

Are you sure? (Type uppercase yes): n
Command failed with code -1 (wrong or missing parameters).
[root@centos7 backups]# cryptsetup -v luksHeaderRestore –header-backup-file /root/backups/luk-back /dev/sdb1

WARNING!
========
Device /dev/sdb1 already contains LUKS header. Replacing header will destroy existing keyslots.

Are you sure? (Type uppercase yes): YES
Command successful.
[root@centos7 backups]# ls -l /mnt/test1
total 4
-rw-r–r–. 1 root root 5 2. Jun 19:00 test.txt
[root@centos7 backups]#

]]> By: jamacoe https://www.tecmint.com/encrypt-drives-using-luks-in-fedora-linux/comment-page-1/#comment-1336216 Tue, 02 Jun 2020 15:45:55 +0000 https://www.tecmint.com/?p=32888#comment-1336216 Hi @Aaron, I stumbled over the same issue as @freedom.

Man cryptsetup:

# luksHeaderBackup  --header-backup-file

And I figured that the device has to be the mount point, not the /dev/mapper/.

Only this worked on my CentOS 7:

# cryptsetup luksHeaderBackup /dev/sdb1 --header-backup-file luk-back
]]> By: Stef https://www.tecmint.com/encrypt-drives-using-luks-in-fedora-linux/comment-page-1/#comment-1329720 Sat, 25 Apr 2020 19:56:55 +0000 https://www.tecmint.com/?p=32888#comment-1329720 In reply to Hualing.

I had the same reaction the first time I used luks. If you zeroed the device and applied luksFormat, it is perfectly normal to find zeros after the header. This is because luksFormat does not attempt to encrypt the data in the specified device.

Those zeros are now the encrypted form of “a decrypted something” that can be retrieved by reading the device created by luksOpen. Of course, as soon as you write in luksOpen, the zeros in /dev/mmcblk2gp0p2 will be replaced by encrypted data that look random.

The key slots area is large because it can store multiple keys of size 258048 (see in the luksDump output and also the luksAdd command). One could argue that 16744448/258048 = 64 keys is a bit too much.

You can reduce the size and so the maximum number of keys with the option --luks2-keyslots-size (see man cryptsetup).

]]> By: Aaron Kili https://www.tecmint.com/encrypt-drives-using-luks-in-fedora-linux/comment-page-1/#comment-1312789 Mon, 20 Jan 2020 10:23:28 +0000 https://www.tecmint.com/?p=32888#comment-1312789 In reply to Walter.

@Walter

You have to enter the passphrases twice to open both partitions. If you can find a password caching script for Fedora, you can try using it. Besides, you have to find an RPM package for Fedora.

]]>