Overview

The luks-tools package contains various utilities for working with LUKS-protected filesystems. HAL uses these utilities to automatically mount encrypted volumes when they are attached to a system, provided the user can produce the correct passphrase. These utilities are written as separate programs to allow MAC systems like SELinux to have fine-grained control over them.

luks-format

A utility that formats a filesystem to contain a LUKS encryption header.

luks-is-encrypted

A tool that can determine if a filesystem contains a LUKS encryption header.

luks-setup

A utility that sets up the dm-crypt device map for a partition.

gnome-luks-format

A GNOME front-end for luks-format.

Details

The following is an example of how to create an encrypted filesystem and prepare it for mounting:

luks-format -v -t ext3 -c aes -l 256 -n MyLuksVolume /dev/sda4

The luks-format step may take quite some time because it overwrites the partition with random data before it does anything else.

Once luks-format has been run, a device mapper entry should exist in /dev/mapper. This device may be mounted as any other appropriate block device:

mount /dev/mapper/luks_crypto_f20d9b37-ebe6-42c9-9665-CV035a81f0f3 /mnt

A volume that has already been initialized with a LUKS header and formatted may be mounted as follows:

luks-setup /dev/sda4
mount /dev/mapper/luks_crypto_f20d9b37-ebe6-42c9-9665-cb035a81f0f3 /mnt