How to create a LUKS partition encrypted with Adiantum, ideal for low end and older devices/computers

How to create a LUKS partition encrypted with the Adiantum scheme

Important note

  • Sector size and key size are fixed; you cannot change them!
  • You can play with the hash, but using anything weaker than sha256 is irresponsible!
  • You can convert an already existing LUKS2 partition with cryptsetup(8).

Very low end devices or computers (say, an old Pentium, Celeron, Raspberry Pi or older SoC)

cryptsetup luksFormat --type luks2 \
--sector-size 4096 \
--cipher xchacha12,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

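# --encrypt initializes LUKS2 in place on a device that is not yet encrypted
# (it also needs --reduce-device-size or a detached --header); to convert an
# existing LUKS2 partition, run reencrypt without --encrypt.
cryptsetup reencrypt --encrypt \
--sector-size=4096 \
--cipher xchacha12,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>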

Low end devices or computers (say, a Core 2 Duo, a smartphone post 2016)

cryptsetup luksFormat --type luks2 \
--sector-size 4096 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>

cryptsetup reencrypt --encrypt \
--sector-size=4096 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 --key-size 256 <device>
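
After formatting or converting, it is worth confirming that the header really carries the Adiantum settings above. The following is an added example, not part of the original gist: the helper name `check_adiantum_dump` is hypothetical, and the two `luksDump` excerpts are constructed and abbreviated so the script can be tried without a device.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the gist): check that a LUKS2
# header uses the cipher, sector size and key size given on this page.
# Reads `cryptsetup luksDump` text on stdin, prints one line per mismatch and
# returns 0 only when all three match. With several segments or keyslots the
# last one listed is the one checked.
check_adiantum_dump() {
    awk '
        $1 == "cipher:" { cipher = $2 }    # data segment cipher
        $1 == "sector:" { sector = $2 }    # data segment sector size in bytes
        $1 == "Key:"    { keybits = $2 }   # volume key size in bits
        END {
            bad = 0
            if (cipher !~ /^xchacha(12|20),aes-adiantum-plain64$/) {
                print "cipher is \"" cipher "\", expected xchacha12 or xchacha20 with aes-adiantum-plain64"
                bad = 1
            }
            if (sector != 4096) { print "sector size is \"" sector "\", expected 4096"; bad = 1 }
            if (keybits != 256) { print "key size is \"" keybits "\", expected 256"; bad = 1 }
            exit bad
        }'
}

# Constructed, abbreviated luksDump excerpts (not captured from a real device).
SAMPLE_OK='Data segments:
  0: crypt
        offset: 16777216 [bytes]
        cipher: xchacha12,aes-adiantum-plain64
        sector: 4096 [bytes]
Keyslots:
  0: luks2
        Key:        256 bits'

SAMPLE_DEFAULT='Data segments:
  0: crypt
        offset: 16777216 [bytes]
        cipher: aes-xts-plain64
        sector: 512 [bytes]
Keyslots:
  0: luks2
        Key:        512 bits'

# Real use: pass the device as the first argument (needs root).
if [ -n "${1:-}" ]; then
    cryptsetup luksDump "$1" | check_adiantum_dump && echo "OK: $1 matches"
fi
```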