This script provides a user-friendly interface for locking and unlocking LUKS-encrypted volumes. It supports custom mount points, prompts for user input when necessary, and includes robust error handling for a smooth experience. Default actions are provided for ease of use, with the flexibility to specify devices and mount paths as arguments.

luks.sh

#!/bin/bash

# Usage:
# Unlock a LUKS volume with a specified device and default mount path:
# ./luks.sh unlock /dev/sdx1

# Unlock a LUKS volume with a specified device and custom mount path:
# ./luks.sh unlock /dev/sdx1 /mnt/custom_mount

# Lock a LUKS volume with the default mount path:
# ./luks.sh lock

# Lock a LUKS volume with a custom mount path:
# ./luks.sh lock /mnt/custom_mount

# Interactive mode: prompts for action (unlock/lock) and required paths:
# ./luks.sh

# Default mount path
DEFAULT_MOUNT_PATH=~/crypt

# Function to unlock the LUKS volume
unlock_volume() {
    local device=$1
    local mount_path=${2:-$DEFAULT_MOUNT_PATH}

    # Open the LUKS volume
    echo "Opening the LUKS volume..."
    if sudo cryptsetup open "$device" luks_volume; then
        echo "LUKS volume opened successfully."

        # Create a mount point and mount the volume
        echo "Mounting the LUKS volume at $mount_path..."
        mkdir -p "$mount_path"
        if sudo mount /dev/mapper/luks_volume "$mount_path"; then
            echo "The device $device is now unlocked and mounted at $mount_path."
        else
            echo "Failed to mount the LUKS volume."
            # If mount fails, close the LUKS volume to clean up
            sudo cryptsetup close luks_volume
            exit 1
        fi
    else
        echo "Failed to open the LUKS volume."
        exit 1
    fi
}

# Function to lock the LUKS volume
lock_volume() {
    local mount_path=${1:-$DEFAULT_MOUNT_PATH}

    # Check if the mount point is actually mounted
    if mountpoint -q "$mount_path"; then
        # Unmount the volume
        echo "Unmounting the LUKS volume..."
        if sudo umount "$mount_path"; then
            echo "LUKS volume unmounted successfully."
        else
            echo "Failed to unmount the LUKS volume."
            exit 1
        fi
    else
        echo "No LUKS volume mounted at $mount_path."
    fi

    # Close the LUKS volume
    echo "Closing the LUKS volume..."
    if sudo cryptsetup close luks_volume; then
        echo "The LUKS volume is now locked."
    else
        echo "Failed to close the LUKS volume."
        exit 1
    fi
}

# Main script logic
if [[ $# -eq 0 ]]; then
    # No arguments provided, prompt the user for action
    echo "Please select an action:"
    echo "1) Unlock LUKS volume"
    echo "2) Lock LUKS volume"
    read -rp "Enter your choice (1 or 2): " action

    case $action in
        1)
            read -rp "Enter the LUKS device to unlock (e.g., /dev/mmcblk0p2): " DEVICE
            unlock_volume "$DEVICE"
            ;;
        2)
            read -rp "Enter the mount path to lock (default: $DEFAULT_MOUNT_PATH): " MOUNT_PATH
            lock_volume "${MOUNT_PATH:-$DEFAULT_MOUNT_PATH}"
            ;;
        *)
            echo "Invalid choice. Exiting."
            exit 1
            ;;
    esac
elif [[ $1 == "unlock" ]]; then
    # Unlock action specified
    if [[ -n $2 ]]; then
        # Device provided as argument
        unlock_volume "$2" "$3"
    else
        # No device provided, prompt the user
        read -rp "Enter the LUKS device to unlock (e.g., /dev/mmcblk0p2): " DEVICE
        unlock_volume "$DEVICE"
    fi
elif [[ $1 == "lock" ]]; then
    # Lock action specified
    lock_volume "$2"
else
    echo "Invalid action. Usage: $0 [unlock|lock] [device] [mount_path]"
    exit 1
fi