16 May 2022
© Игорь Стецюк
mkdir -p ./container/mount ; cd ./container
and change into the ./container directory.
All commands are run as a regular user.
dd if=/dev/urandom of=container.img bs=1M count=100
100+0 записей получено
100+0 записей отправлено
скопировано 104857600 байт (105 MB), 31,3595 c, 3,3 MB/c
sudo cryptsetup -v -c aes-xts-plain64 -s 512 --hash sha512 --iter-time 5000 luksFormat ./container.img
WARNING!
========
This will overwrite data on ./container.img irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Command successful.
sudo cryptsetup luksDump ./container.img
LUKS header information for container.img
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha512
Payload offset: 4096
MK bits: 512
MK digest: dd d2 0c fe 0f 81 1b 35 b5 bd da e0 db d8 f6 77 b9 60 bc cb
MK salt: 31 80 76 d8 2c e6 aa 0d 84 32 f1 6d b6 dd af 78
c8 a5 09 9a f6 05 83 41 5c 06 93 46 19 f6 c8 d9
MK iterations: 43750
UUID: 6e49e36c-0d08-4a6c-bbd1-1028143b2864
Key Slot 0: ENABLED
Iterations: 88397
Salt: 27 9c b3 8e cb 2a 01 a3 5b 37 71 4f f8 5d 02 1d
c0 f2 40 50 4d 8f 8c 9a 2e 62 a0 f0 75 c3 c1 4f
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
sudo cryptsetup luksOpen ./container.img container
Enter passphrase for ./container.img:
ls /dev/mapper/
container@ control
sudo dmsetup info container
Name: container
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 0
Event number: 0
Major, minor: 254, 0
Number of targets: 1
UUID: CRYPT-LUKS1-6e49e36c0d084a6cbbd11028143b2864-container
lsblk -p
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
/dev/sda 8:0 0 149,1G 0 disk
+-/dev/sda1 8:1 0 94,1M 0 part /boot
+-/dev/sda2 8:2 0 972,7M 0 part [SWAP]
+-/dev/sda3 8:3 0 18,6G 0 part /
L-/dev/sda4 8:4 0 129,4G 0 part /home
/dev/loop0 7:0 0 100M 0 loop
L-/dev/mapper/container 254:0 0 98M 0 crypt
sudo mkfs.ntfs -L CONTAINER /dev/mapper/container
Cluster size has been automatically set to 4096 bytes.
Initializing device with zeroes: 100% - Done.
Creating NTFS volume structures.
mkntfs completed successfully. Have a nice day.
user=$(id -nu); group=$(id -ng); sudo mount -o uid=$user,gid=$group /dev/mapper/container ./mount/
ls -la ./mount/
drwxrwxrwx 1 igor users 4096 ноя 16 16:33 ./
drwxr-xr-x 4 igor users 4096 ноя 16 13:10 ../
mount | grep container
/dev/mapper/container on /home/igor/Templates/container/mount type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096)
sudo umount ./mount
sudo cryptsetup luksClose container
dd if=/dev/urandom of=container.img bs=1M count=100
100+0 записей получено
100+0 записей отправлено
скопировано 104857600 байт (105 MB), 31,1152 c, 3,4 MB/c
dd if=/dev/urandom of=container.key bs=512 count=2
2+0 записей получено
2+0 записей отправлено
скопировано 1024 байта (1,0 kB), 0,0123292 c, 83,1 kB/c
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 luksFormat ./container.img -d ./container.key
WARNING!
========
This will overwrite data on ./container.img irrevocably.
Are you sure? (Type uppercase yes): YES
Command successful.
sudo cryptsetup luksOpen ./container.img -d ./container.key container
sudo cryptsetup luksAddKey ./container.img -d ./container.key ./container1.key
sudo cryptsetup luksDump ./container.img
LUKS header information for ./container.img
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha512
Payload offset: 4096
MK bits: 512
MK digest: 4d 21 8e 35 d6 26 83 25 72 b7 5d 18 88 d5 17 d2 0f bf f3 fd
MK salt: 90 9b 6a 93 32 61 7d 05 e6 78 4f c1 18 4c da 30
2b 6e 02 00 a4 e9 02 83 d9 8b b6 46 33 95 bc e0
MK iterations: 43750
UUID: f460f35d-9cf0-4ea0-9c3f-5f90b6102169
Key Slot 0: ENABLED
Iterations: 172041
Salt: b3 90 16 13 d0 4f 33 58 8a 23 06 f7 ae 7a 6e 28
4f 6b 7e 0f 9e 8a 99 92 37 5c e5 89 ea f2 eb ae
Key material offset: 8
AF stripes: 4000
Key Slot 1: ENABLED
Iterations: 34408
Salt: 49 c2 37 6c 4e 1b 32 cb e3 e1 b9 57 48 ee f0 17
aa f5 7b bf f6 47 e2 24 5f 0e 67 a8 65 d2 47 8f
Key material offset: 512
AF stripes: 4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
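In the dump above, key slot 1 has about one fifth of the PBKDF2 iterations of slot 0; the luksAddKey command was run without the --iter-time 5000 that luksFormat was given. The following check is an added example, not part of the original article: it parses LUKS1 luksDump text and flags enabled slots that are much cheaper to brute-force than the strongest one. The function names and the ratio threshold are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Audit key slots in LUKS1 `cryptsetup luksDump` text output (read from stdin).
# Prints one line per ENABLED slot: slot=<n> iterations=<count> status=<ok|weak>
# A slot is "weak" when iterations * RATIO is still below the strongest
# enabled slot. RATIO is an assumed policy knob (default 2).
audit_luks_slots() {
    local ratio="${1:-2}"
    awk -v ratio="$ratio" '
        /^[ \t]*Key Slot [0-7]:/ {
            slot = $3; sub(":", "", slot)
            enabled = ($4 == "ENABLED")
            next
        }
        # The per-slot "Iterations:" line follows its "Key Slot" line;
        # "MK iterations:" never matches because its first field is "MK".
        enabled && $1 == "Iterations:" {
            iters[slot] = $2 + 0
            if (iters[slot] > max) max = iters[slot]
            enabled = 0
        }
        END {
            for (s = 0; s < 8; s++) {
                if (!(s in iters)) continue
                status = (iters[s] * ratio < max) ? "weak" : "ok"
                printf "slot=%d iterations=%d status=%s\n", s, iters[s], status
            }
        }'
}

# Sample input: slot lines copied from the dump above (salt lines omitted).
sample_dump() {
    cat <<'EOF'
MK iterations: 43750
Key Slot 0: ENABLED
Iterations: 172041
Key material offset: 8
AF stripes: 4000
Key Slot 1: ENABLED
Iterations: 34408
Key material offset: 512
AF stripes: 4000
Key Slot 2: DISABLED
EOF
}

sample_dump | audit_luks_slots 2
```

On a real container, pipe `sudo cryptsetup luksDump ./container.img` into the function; passing `--iter-time 5000` to luksAddKey as well keeps the added slot in line with slot 0. LUKS2 dumps use a different layout and are not handled.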
sudo cryptsetup luksRemoveKey container.img -d ./container1.key
, all keys except ./container1.key will be removed; if a specific slot needs to be removed, use sudo cryptsetup luksKillSlot container.img 1
, and the key of the first slot will be removed (dkws.org.ua).
df -h | grep container
/dev/mapper/container 98M 91M 8,0M 92% /home/igor/Templates/container/mount
As we can see, only 8 megabytes are free.
dd bs=1M count=100 if=/dev/urandom >> ./container.img
100+0 записей получено
100+0 записей отправлено
скопировано 104857600 байт (105 MB), 32,472 c, 3,2 MB/c
sudo cryptsetup luksOpen ./container.img container
Enter passphrase for ./container.img:
sudo cryptsetup resize container
sudo resize2fs /dev/mapper/container
resize2fs 1.42.12 (29-Aug-2014)
Resizing the filesystem on /dev/mapper/container to 202752 (1k) blocks.
The filesystem on /dev/mapper/container is now 202752 (1k) blocks long.
sudo mount /dev/mapper/container ./mount
df -h | grep container
/dev/mapper/container 189M 90M 96M 49% /home/igor/Templates/container/mount
As we can see, the available space has increased.
Under Microsoft Windows, LUKS-encrypted disks can be used with FreeOTFE.