@dpc
Created July 5, 2012 17:58
This is how it should look
#!/bin/bash
# Easy drive encryption script
# using LUKS

DEVICE="$1"
NAME="$2"
KEYDIR="/keys"
KEYFILE="$KEYDIR/$NAME.key"
HEADERFILE="$KEYDIR/$NAME.luks.header"
MOUNTPOINT="/mnt/$NAME"

# Both the device and a nickname for the container are required
if [[ -z "$1" || -z "$2" ]]; then
    cat <<DELIM
Usage:
./luksus DEVICENAME NICKNAME-of-luks-container
EXAMPLE:
./luksus /dev/sdb1 rambo1
DELIM
    exit 1
fi

# Not used below
FILE="/tmp/out.$$"
GREP="/bin/grep"

if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi

echo "This script will wipe out $DEVICE. Are you sure? Ctrl+C to stop."
read || exit 1

mkdir -p "$MOUNTPOINT"
# Key directory is created owner-only (an existing directory keeps its mode)
mkdir -p -m 700 "$KEYDIR"

# Overwrite the whole device once before formatting
shred -v -n1 "$DEVICE"

# 128 KiB of random key material; umask 077 keeps the key file unreadable to other users
(umask 077; dd if=/dev/urandom of="$KEYFILE" bs=512 count=256) || exit 1

cryptsetup --verbose --key-size=512 --cipher=aes-xts-plain64 luksFormat "$DEVICE" "$KEYFILE" || exit 1
cryptsetup isLuks "$DEVICE" || exit 1
cryptsetup luksOpen "$DEVICE" "$NAME" --key-file="$KEYFILE" || exit 1

# Keep a copy of the LUKS header next to the key file
cryptsetup luksHeaderBackup --header-backup-file="$HEADERFILE" "$DEVICE" --verbose || exit 1

# The filesystem lives on the opened mapping, not on the raw device,
# so only /dev/mapper/$NAME is formatted and mounted
mkfs.ext4 "/dev/mapper/$NAME" || exit 1
mount -t ext4 "/dev/mapper/$NAME" "$MOUNTPOINT" >/dev/null 2>&1 || exit 1