1.7 KiB
luksit
luks-encrypt an entire hard drive using a randomly-generated keyfile.
Origins
I based on a tutorial on a github gist that's now down. I found a cached version on bing. That original tutorial can be found in original-tutorial.md.
Installation
Linux & friends
git clone https://gitea.gf4.pw/ki9/luksit.git /usr/local/src/luksit
ln -s /usr/local/src/luksit/luksit /usr/local/bin/luksit
Usage
WARNING! This program will wipe any drive you feed it and replace it with an empty luks-encrypted filesystem. Always read command line prompts before typing 'y'. Always double-check the device filename. Always keep backups of your important data. I am not responsible for misuse of this program.
First, find the device name of the target drive. I use the lsblk command. Others prefer fdisk -l. Check and double check. If you go by the size, ensure you have no other drives of that size.
Assuming the target device file is /dev/sdf, you can create a luks-encrypted ext4 filesystem on that drive by running this command. You can change mydrive to something more memorable. The decryption key will be saved to /root/luks/mydrive.key unless you modify the $KEYDIR var in the script.
luksit sdf mydrive ext4
Mounting on boot
The script does not yet support adding lines to /etc/fstab or /etc/crypttab. Consult the "automountable" section in original-tutorial.md for help with automounting the drive.