Differences
This shows you the differences between two versions of the page.
| docs:guide-user:storage:disk.encryption [2019/05/13 06:38] – formatting vgaetera | docs:guide-user:storage:disk.encryption [2023/01/10 20:01] – Updated required packages, added steps to make a key-file and updated decrypt.sh for use in latest openwrt with ash mitchmurder | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| <code bash> | <code bash> | ||
| - | opkg install kmod-crypto-ecb kmod-crypto-xts kmod-crypto-iv kmod-crypto-misc kmod-crypto-user cryptsetup | + | opkg install kmod-crypto-ecb kmod-crypto-xts kmod-crypto-seqiv kmod-crypto-misc kmod-crypto-user cryptsetup |
| </ | </ | ||
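Review bot: The rename from kmod-crypto-iv to kmod-crypto-seqiv in the opkg install line is not tied to any OpenWrt release. The script header further down was adapted for 18.06 and is now adapted for 21.02.2, so readers on an older release will not know which package name applies to them. Suggest one sentence above the install command stating the release from which kmod-crypto-seqiv is the correct name, and that earlier releases use kmod-crypto-iv.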
| Line 61: | Line 61: | ||
| Automated: | Automated: | ||
| - | The following script can be used to automate decrypting and mounting removable storage that is encrypted by using entries in ''/ | + | The following script can be used to automate decrypting and mounting removable storage that is encrypted by using entries in ''/ |
| + | <code bash> | ||
| + | cryptsetup luksDump [encrypted-device] | ||
| + | </ | ||
| + | |||
| + | '' | ||
| + | <code bash> | ||
| + | dd if=/ | ||
| + | </ | ||
| + | |||
| + | This will create a key-file that is filled with 4096 bytes of random data. Add this key-file to the LUKS device: | ||
| + | <code bash> | ||
| + | cryptsetup luksAddKey [encrypted-device] [path/ | ||
| + | </ | ||
| + | |||
| + | You will be prompted for the passphrase from above. | ||
| + | |||
| + | <code bash> | ||
| + | cryptsetup luksDump [encrypted-device] | ||
| + | </ | ||
| + | '' | ||
| + | '' | ||
| + | |||
| + | [UUID] and [type-of-encryption] may be obtained from the output of: | ||
| + | <code bash> | ||
| + | block info | ||
| + | </ | ||
| + | |||
| + | '' | ||
| <code bash> | <code bash> | ||
| cat << " | cat << " | ||
| - | # note: this needs bash and awk installed | + | # note: this needs ash and awk installed |
| - | bash / | + | ash / |
| EOF | EOF | ||
| cat << " | cat << " | ||
| - | #!/bin/bash | + | #!/bin/ash |
| # Perform tasks when called by BLOCK hotplug (/ | # Perform tasks when called by BLOCK hotplug (/ | ||
| # CC0: 21JUL18 by WaLLy3K, updated 09AUG18 | # CC0: 21JUL18 by WaLLy3K, updated 09AUG18 | ||
| # Further adapted for OpenWRT 18.06 by jmm on 2018-09-04 | # Further adapted for OpenWRT 18.06 by jmm on 2018-09-04 | ||
| + | # Further apapted for OpenWRT 21.02.2 by mdpc on 2022-12-30 | ||
| # Hotplug Vars: $ACTION (add/ | # Hotplug Vars: $ACTION (add/ | ||
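Review bot: The added key-file procedure goes from the dd step to cryptsetup luksAddKey, and the lines visible here contain no step that restricts read access to the key-file. The file unlocks the volume without the passphrase, so suggest adding an explicit permissions step (for example chmod 600 on the key-file, owned by root) before luksAddKey, plus a sentence on where the file should be stored. The second cryptsetup luksDump would also benefit from a sentence saying what to check in its output, namely that a new key slot is now in use. Two smaller points in the script header: "apapted" in the new 21.02.2 comment should read "adapted", and since ash is the default BusyBox shell on OpenWrt, the note "this needs ash and awk installed" only needs to name awk.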
| Line 103: | Line 132: | ||
| BID_RAW=" | BID_RAW=" | ||
| - | BID_UUID=" | + | BID_UUID=" |
| - | BID_TYPE=" | + | BID_TYPE=" |
| # Determine whether drive needs to be decrypted | # Determine whether drive needs to be decrypted | ||
| Line 118: | Line 147: | ||
| fi | fi | ||
| - | CT_LABEL=" | + | CT_LABEL=" |
| - | CT_KEYFILE=" | + | CT_KEYFILE=" |
| - | CT_TYPE=" | + | CT_TYPE=" |
| - | # | + | |
| - | if [[ -e "/ | + | if [[ -e "/ |
| then | then | ||
| msg "Drive already decrypted: $CT_LABEL" | msg "Drive already decrypted: $CT_LABEL" | ||
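Review bot: The test on the changed line still opens with if [[ -e, although this revision moves the script from #!/bin/bash to #!/bin/ash. [[ is a bash extension that BusyBox ash accepts only as a compatibility feature, so its behaviour depends on how BusyBox was built and it does not give bash's quoting guarantees. Suggest switching to the POSIX form [ -e "..." ] with the operand quoted, here and in the later if [[ ! test, so the script no longer relies on bash compatibility in the interpreter it now declares.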
| Line 135: | Line 163: | ||
| exit 1 | exit 1 | ||
| fi | fi | ||
| - | if [[ ! " | + | if [[ ! " |
| then | then | ||
| msg " | msg " | ||
| Line 142: | Line 170: | ||
| msg " | msg " | ||
| - | cryptsetup luksOpen "/ | + | cryptsetup luksOpen "/ |
| CS_EXIT=" | CS_EXIT=" | ||
| case " | case " | ||
| - | 0) if [ -e "/ | + | 0) if [ -e "/ |
| then | then | ||
| msg "Drive decrypted: $CT_LABEL" | msg "Drive decrypted: $CT_LABEL" | ||