Cryptsetup key size
When I attempt to add the key using cryptsetup luksAddKey I get the maximum keyfile size exceeded error. I have attempted to use the --keyfile-size argument to see if it would override it, but it did not fix it. Also, is there a way to do this same process for the swap, so that I only have to enter one password at boot?
Or would doing that sacrifice security?

It sounds like the key file that you are trying to use is at least 8 KiB, which exceeds cryptsetup's default maximum size. The maximum master key size for LUKS is bits, but it can also be bits. For example, to generate a random bit byte key:
Notes from the cryptsetup man page on how key material is read.

Plain (non-LUKS) mode, from a key file: the file contents are used as the key directly, without hashing, and cropped to the size given by -s. If there is insufficient key material in the key file, cryptsetup will quit with an error. Since nothing is hashed, -h is ignored.

LUKS: LUKS will always do an exhaustive password reading. LUKS saves the processing options when a password is set to the respective key slot; therefore, no options can be given to luksOpen. For any password creation action (luksAddKey or luksFormat), the user may specify how much time the password processing should consume.
Increasing the time makes the key slot more expensive to brute-force (it is the key-derivation cost, not the passphrase itself, that becomes stronger), but luksOpen will take correspondingly longer to complete. The default setting of one second is sufficient for good security. Make sure you keep your passwords safe. There are a few nice tricks for constructing a fallback for when, suddenly out of the blue, your brain refuses to cooperate; LUKS makes them possible because it supports multiple key slots, so a second passphrase or a keyfile can be enrolled alongside the first.
Two further options: --timeout gives the number of seconds to wait before timing out on a passphrase prompt, and --align-payload aligns the payload at a boundary of the given number of 512-byte sectors.

There are many kinds of keyfiles. Each type of keyfile has benefits and disadvantages, summarized below.

Passphrase keyfile: This is a keyfile containing a simple passphrase. The benefit of this type of keyfile is that if the file is lost, the data it contained is known and hopefully easily remembered by the owner of the encrypted volume.
However, the disadvantage is that this does not add any security over entering a passphrase during the initial system start. If the file contains special characters such as a backslash, rather than escaping these it is recommended to simply edit the key file directly, entering or pasting the passphrase, and then remove the trailing newline with a handy perl one-liner.

Random-text keyfile: This is a keyfile containing a block of random characters.
The benefit of this type of keyfile is that it is much more resistant to dictionary attacks than a simple passphrase. Keyfiles also let you exploit sheer length: since this is not a string meant to be memorized by a person and typed in, it is trivial to create files containing thousands of random characters as the key. The disadvantage is that if this file is lost or changed, it will most likely not be possible to access the encrypted volume without a backup passphrase.
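The following POSIX shell script is an added example, not code from the Ask Ubuntu answer or from the wiki text on this page. It creates the two text-style keyfile kinds just described (random bytes, or a passphrase) and runs the checks a practitioner wants before luksAddKey: the file must be non-empty, must stay under the 8 KiB default limit that the answer above blames for the "maximum keyfile size exceeded" error, and a passphrase-style file must not end in a newline (the note further down says the same). Assumptions, all this example's own: 8192 bytes as the limit, /dev/urandom as the randomness source, GNU coreutils for `truncate` and `stat -c`, and /dev/sdX2 as a placeholder device.

```shell
#!/bin/sh
# Added example, not from the Ask Ubuntu answer or the wiki text above.
# Creates and sanity-checks keyfiles before handing them to luksAddKey.
# Assumptions: 8192 bytes is the default limit the answer mentions;
# /dev/urandom supplies random bytes; 'truncate' and 'stat -c' are GNU
# coreutils; /dev/sdX2 is a placeholder device.

MAX_KEYFILE_BYTES=8192

# Size of a file in bytes.
keyfile_size() { wc -c < "$1" | tr -d ' '; }

# Write NBYTES random bytes to PATH, owner-readable only, and verify the
# size: a short read would silently give a weaker key than intended.
# A 64-byte file is a 512-bit key.
make_random_keyfile() {  # usage: make_random_keyfile PATH NBYTES
    ( umask 077; head -c "$2" /dev/urandom > "$1" ) || return 1
    chmod 0400 "$1"
    [ "$(keyfile_size "$1")" -eq "$2" ]
}

# Write a passphrase to PATH with no trailing newline: 'echo' would append
# one, and the key slot would then hold passphrase-plus-newline.
make_passphrase_keyfile() {  # usage: make_passphrase_keyfile PATH PASSPHRASE
    ( umask 077; printf '%s' "$2" > "$1" ) && chmod 0400 "$1"
}

# 0 if the last byte of the file is a newline (0x0a), 1 otherwise.
has_trailing_newline() {
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Remove exactly one trailing newline, e.g. from a keyfile made in an editor.
strip_trailing_newline() {
    if has_trailing_newline "$1"; then truncate -s -1 "$1"; fi
}

# Preflight for luksAddKey: fails on an empty file, on a file over the
# default size limit, and on a passphrase-style file that still ends in a
# newline; only warns about loose permissions.
check_keyfile() {  # usage: check_keyfile PATH [random|passphrase]
    path=$1; kind=${2:-random}
    size=$(keyfile_size "$path")
    if [ "$size" -eq 0 ]; then
        echo "check_keyfile: $path is empty" >&2; return 1
    fi
    if [ "$size" -gt "$MAX_KEYFILE_BYTES" ]; then
        echo "check_keyfile: $path is $size bytes, above the $MAX_KEYFILE_BYTES-byte default limit" >&2
        return 1
    fi
    if [ "$kind" = passphrase ] && has_trailing_newline "$path"; then
        echo "check_keyfile: $path ends in a newline; it will not match the typed passphrase" >&2
        return 1
    fi
    case "$(stat -c %a "$path" 2>/dev/null || stat -f %Lp "$path")" in
        0|*00) ;;
        *) echo "check_keyfile: warning: $path is readable by group or others" >&2 ;;
    esac
    return 0
}

# Validate, then enrol the file in a free key slot (needs root and a real LUKS device).
luks_add_keyfile() {  # usage: luks_add_keyfile /dev/sdX2 /path/to/keyfile [random|passphrase]
    check_keyfile "$2" "${3:-random}" || return 1
    cryptsetup luksAddKey "$1" "$2"
}
```

On a real system you would call `make_random_keyfile /root/key.bin 64` and then `luks_add_keyfile /dev/sdX2 /root/key.bin`; the size check runs first, so a file that would trip the default limit never reaches cryptsetup.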
Binary keyfile: This is a binary file that has been defined as a keyfile. When identifying files as candidates for a keyfile, it is recommended to choose files that are relatively static, such as photos, music or video clips. The benefit of these files is that they serve a dual function, which can make them harder to identify as keyfiles. Instead of a text file with a large amount of random text, the keyfile looks like a regular image file or music clip to the casual observer.
The disadvantage is a theoretical loss of randomness compared to a randomly generated text file, because images, videos and music have some intrinsic relationship between neighbouring bits of data that does not exist in a random file. However, this is controversial and has never been exploited publicly. If you are planning to store the keyfile on an external device, you can also simply change the output file to the corresponding directory.
If you stored your temporary keyfile on a physical storage device and want to delete it, remember not to just remove the keyfile later on, but to overwrite it in place first. For older file systems like FAT or ext2 this will suffice, while in the case of journaling file systems, flash memory hardware and other cases it is highly recommended to wipe the entire device.
Storing the keyfile temporarily on a ramfs: the advantage is that it resides in RAM and not on a physical disk, so it cannot be recovered after unmounting the ramfs. After copying the keyfile to another secure and persistent file system, unmount the ramfs again. Unlocking the root file system with a keyfile at boot is then simply a matter of configuring mkinitcpio to include the necessary modules or files and configuring the cryptkey kernel parameter so the encrypt hook knows where to find the keyfile.
For example, add ext4 to the modules list if the file system holding the keyfile is Ext4, or vfat in case it is FAT. If there are messages about a bad superblock and a bad codepage at boot, then you need an extra codepage module to be loaded.
Regenerate the initramfs. Embedded keyfile: this method uses a specially named keyfile that is embedded in the initramfs and picked up by the encrypt hook to unlock the root file system cryptdevice automatically. It may be useful when using the GRUB early cryptodisk feature, in order to avoid entering two passphrases during boot.
The encrypt hook lets the user specify a keyfile with the cryptkey kernel parameter; for a keyfile inside the initramfs, the syntax is rootfs:path. If using sd-encrypt instead of encrypt, specify the location of the keyfile with the rd. Generate the keyfile, give it suitable permissions and add it as a LUKS key.
Finally, regenerate the initramfs.
Tip: You may want to practise encrypting a virtual hard drive in a virtual machine when learning.
Tip: The project developers' devconfcz pdf presentation summarizes the motivation for the major specification update to LUKS2.
Warning: All of the key-removal actions above can be used to irrevocably delete the last active key for an encrypted device! The luksErase command was added in version 1.
This action will not prompt for a valid passphrase! It does not wipe the LUKS header, but it wipes all key slots at once, and you will therefore not be able to regain access unless you have a valid backup of the LUKS header.
Note: If one of the LUKS-encrypted partitions' passphrases becomes compromised, you must revoke it on every copy of the cryptheader, even those you have backed up.
Otherwise, a copy of the backed-up cryptheader that still contains the compromised passphrase can be used to recover the master key, which in turn can be used to decrypt the associated partition (your actual partition, not only the backed-up version). On the other hand, if the master key itself gets compromised, you have to re-encrypt the whole partition.
Warning: tmpfs can swap to the disk in low-memory situations, so it is not recommended here.
Warning: Restoring the wrong header, or restoring to an unencrypted partition, will cause data loss! The action cannot check whether the header is actually the correct one for that particular device.
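Since luksHeaderRestore performs no check that a backup belongs to the device it is written to, the following added example (this script is not part of the wiki text on this page) does the sanity check by hand. It reads the three fields that LUKS1 and LUKS2 keep at the same offsets in the on-disk header: the six-byte magic "LUKS" 0xba 0xbe at offset 0, a big-endian 16-bit version at offset 6, and the 40-byte UUID at offset 168, and compares the UUID against the device before a restore. The `blkid` and `cryptsetup` calls are confined to the two functions that need a real device; `make_fake_header` produces constructed test data so the parsing can be exercised offline, and /dev/sdX2 is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the wiki text above. Sanity-checks a LUKS header
# backup before luksHeaderRestore using the fields LUKS1 and LUKS2 share:
# magic "LUKS\xba\xbe" at offset 0, big-endian 16-bit version at offset 6,
# 40-byte UUID at offset 168. Assumptions: blkid and cryptsetup are only
# called in header_matches_device and backup_header; make_fake_header
# builds constructed test data, not a real header; /dev/sdX2 is a placeholder.

LUKS_MAGIC=4c554b53babe   # "LUKS" 0xba 0xbe as hex

# Hex of the first six bytes.
luks_header_magic() { head -c 6 "$1" | od -An -tx1 | tr -d ' \n'; }

# Header version (1 or 2) from the two bytes at offset 6.
luks_header_version() { od -An -tu1 -j 6 -N 2 "$1" | awk '{ print $1 * 256 + $2 }'; }

# UUID string at offset 168, NUL padding removed.
luks_header_uuid() { dd if="$1" bs=1 skip=168 count=40 2>/dev/null | tr -d '\0'; }

# 0 if the file starts with a LUKS header of a version this script understands.
is_luks_header() {
    [ "$(luks_header_magic "$1")" = "$LUKS_MAGIC" ] || return 1
    v=$(luks_header_version "$1")
    [ "$v" -eq 1 ] || [ "$v" -eq 2 ]
}

# The check luksHeaderRestore itself does not perform: does the UUID in the
# backup match the device? A match rules out the wrong-device mistake; it does
# not prove the backup is current, nor that its key slots are the ones you
# want (see the note above on revoking a compromised passphrase in every copy).
header_matches_device() {  # usage: header_matches_device BACKUP /dev/sdX2
    is_luks_header "$1" || { echo "$1: not a LUKS header" >&2; return 1; }
    dev_uuid=$(blkid -s UUID -o value "$2") || return 1
    [ "$(luks_header_uuid "$1")" = "$dev_uuid" ]
}

# Take a backup (into a ramfs mount, per the tip above) and confirm it parses.
backup_header() {  # usage: backup_header /dev/sdX2 /mnt/ramfs/hdr.img
    cryptsetup luksHeaderBackup "$1" --header-backup-file "$2" || return 1
    chmod 0400 "$2"
    is_luks_header "$2"
}

# Constructed test data: 208 bytes shaped like a header, with only magic,
# version and UUID filled in. Never restore something like this to a device.
make_fake_header() {  # usage: make_fake_header PATH VERSION UUID
    {
        printf 'LUKS\272\276\000'
        printf "\\$(printf '%03o' "$2")"
        head -c 160 /dev/zero
        printf '%-40s' "$3" | tr ' ' '\0'
    } > "$1"
}
```

Before restoring, run `header_matches_device /mnt/ramfs/hdr.img /dev/sdX2` and proceed only on success; the function deliberately refuses files that do not carry the LUKS magic, which is the case for a backup accidentally taken from the wrong, unencrypted partition.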
Warning: Always make sure a reliable backup is available and double-check the options you specify before using the tool!
This might not be the desired behaviour and can be prevented by having a separate and unencrypted boot partition.
Some system restore applications e.
In short, create a partition with the size of at least MiB if needed (the cryptsetup man pages suggest using twice the LUKS2 header size).
Tip: Shrinking to the minimum size with -M might take very long. You might want to calculate a size just 32 MiB smaller than the current size instead of using -M.
Warning: The file system should be shrunk while the underlying device e.
Some graphical tools e.
Tip: If you have just encrypted your root partition, you might need to perform a number of post-encryption adjustments.
Warning: Double-check that you specify the encryption options correctly, and never re-encrypt without a reliable backup!
Making a backup before this step is strongly recommended.
Note: This section describes using a plaintext keyfile.
Tip: Define a passphrase in addition to the keyfile, for backup access to the encrypted volumes in the event the defined keyfile is lost or changed.
Note: The keyfile containing the passphrase must not have a newline in it.
Warning: Use an embedded keyfile only if you protect the keyfile sufficiently, by using some form of authentication earlier in the boot process; otherwise auto-decryption will occur, completely defeating the purpose of block device encryption. The initramfs image, and the keyfile inside it, must also be kept out of reach of anyone who can boot another system against the disk; otherwise root on a different installation, including a live environment, can extract your key from the initramfs and unlock the device without any other authentication.
Warning: When the initramfs' permissions are left at the default, all users will be able to dump the keyfile.
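The embedded-keyfile procedure above (keyfile, FILES entry for mkinitcpio, cryptkey=rootfs:path kernel parameter, regenerated initramfs) and the two warnings just given are collected into the following added example; it is not code from the wiki pages quoted on this page. The checking functions run offline against a constructed mkinitcpio.conf and a dummy image; `setup_embedded_keyfile` is the live-system sequence and needs root. Assumptions, all this example's own: /crypto_keyfile.bin as the keyfile name, /boot/initramfs-linux.img as the image, `mkinitcpio -P` as the regeneration command, GNU coreutils `stat -c`, and /dev/sdX2 as a placeholder device.

```shell
#!/bin/sh
# Added example; not code from the wiki pages quoted above. A preflight for the
# embedded-keyfile method: is the keyfile listed in mkinitcpio.conf's FILES=()
# array, is the kernel parameter in the form the encrypt hook expects
# (cryptkey=rootfs:PATH), and are the keyfile and the generated initramfs image
# unreadable by other users? Assumptions: /crypto_keyfile.bin, /boot/initramfs-linux.img
# and 'mkinitcpio -P' are this example's choices; /dev/sdX2 is a placeholder;
# 'stat -c' is GNU coreutils.

# 0 if CONF's FILES=( ... ) line lists KEYFILE.
keyfile_in_mkinitcpio_files() {  # usage: keyfile_in_mkinitcpio_files CONF KEYFILE
    files=$(sed -n 's/^FILES=(\(.*\)).*$/\1/p' "$1")
    for f in $files; do
        [ "$f" = "$2" ] && return 0
    done
    return 1
}

# Kernel command-line fragment that tells the encrypt hook where the key is.
cryptkey_param() { printf 'cryptkey=rootfs:%s\n' "$1"; }

# Octal mode of a file, e.g. 644.
file_mode() { stat -c %a "$1"; }

# 0 if "other" users can read the file.
is_world_readable() {
    case "$(file_mode "$1")" in
        *[4-7]) return 0 ;;
    esac
    return 1
}

# Restrict an initramfs image to root; anyone who can read the image can
# unpack it and copy the keyfile out.
fix_initramfs_perms() { chmod 0600 "$1" && ! is_world_readable "$1"; }

# Run every check; reports each failure on stderr and returns their count.
preflight() {  # usage: preflight CONF KEYFILE INITRAMFS_IMAGE
    conf=$1; key=$2; img=$3; failures=0
    if ! keyfile_in_mkinitcpio_files "$conf" "$key"; then
        echo "preflight: $key is not in FILES=() of $conf; it will not be embedded" >&2
        failures=$((failures + 1))
    fi
    if is_world_readable "$key"; then
        echo "preflight: $key is world-readable (mode $(file_mode "$key"))" >&2
        failures=$((failures + 1))
    fi
    if is_world_readable "$img"; then
        echo "preflight: $img is world-readable (mode $(file_mode "$img")); any local user can dump the key" >&2
        failures=$((failures + 1))
    fi
    return "$failures"
}

# The live-system procedure (root required; not exercised by the checks above):
# generate the key, enrol it, regenerate the initramfs, lock down the image,
# then run the preflight. Boot with the parameter printed by cryptkey_param.
setup_embedded_keyfile() {  # usage: setup_embedded_keyfile /dev/sdX2 /crypto_keyfile.bin
    dev=$1; key=$2
    ( umask 077; head -c 2048 /dev/urandom > "$key" ) || return 1   # 2 KiB, under the 8 KiB limit
    chmod 0000 "$key"
    cryptsetup luksAddKey "$dev" "$key" || return 1
    keyfile_in_mkinitcpio_files /etc/mkinitcpio.conf "$key" \
        || { echo "add FILES=($key) to /etc/mkinitcpio.conf first" >&2; return 1; }
    mkinitcpio -P || return 1
    chmod 0600 /boot/initramfs-linux*.img
    echo "boot with: $(cryptkey_param "$key")"
    preflight /etc/mkinitcpio.conf "$key" /boot/initramfs-linux.img
}
```

The permission check is on the image, not only on the keyfile: a keyfile with mode 000 gains nothing if the initramfs that contains a copy of it is readable by every local user.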