Linux Unified Key Setup

Last updated January 09, 2024

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

Description

LUKS is used to encrypt a block device. The contents of the encrypted device are arbitrary, and therefore any filesystem can be encrypted, including swap partitions.^[2] There is an unencrypted header at the beginning of an encrypted volume, which allows up to 8 (LUKS1) or 32 (LUKS2) encryption keys to be stored along with encryption parameters such as cipher type and key size.^[3]^[4]

The presence of this header is a major difference between LUKS and dm-crypt, since the header allows multiple different passphrases to be used, with the ability to change and remove them. If the header is lost or corrupted, the device will no longer be decryptable.^[5]

Encryption is done with a multi-layer approach. First, the block device is encrypted using a master key. This master key is encrypted with each active user keys.^[6] User keys are derived from passphrases, FIDO2 security keys, TPMs or smart cards.^[7]^[8] The multi-layer approach allows users to change their passphrase without re-encrypting the whole block device. Key slots can contain information to verify user passphrases or other types of keys.

There are two versions of LUKS, with LUKS2 featuring resilience to header corruption, and using the Argon2 key derivation function by default, whereas LUKS1 uses PBKDF2.^[9] Conversion between both versions of LUKS is possible in certain situations, but some features may not be available with LUKS1 such as Argon2.^[3] LUKS2 uses JSON as a metadata format.^[3]^[10]

Available cryptographic algorithms depends on individual kernel support of the host. Libgcrypt can be used as a backend for hashing, which supports all of its algorithms.^[11] It is up to the operating system vendor to choose the default algorithm.^[12] LUKS1 makes use of an anti-forensics technique called AFsplitter, allowing for secure data erasure and protection.^[13]

LUKS with LVM

Logical Volume Management can be used alongside LUKS.^[14]

LVM on LUKS: When LVM is used on an unlocked LUKS container, all underlying partitions (which are LVM logical volumes) can be encrypted with a single key. This is akin to splitting a LUKS container into multiple partitions. The LVM structure is not visible until the disk is decrypted.^[15]
LUKS on LVM: When LUKS is used to encrypt LVM logical volumes, an encrypted volume can span multiple devices. The underlying LVM volume group is visible without decrypting the encrypted volumes.^[16]

Full disk encryption

A common usage of LUKS is to provide full disk encryption, which involves encrypting the root partition of an operating system installation, which protects the operating system files from being tampered with or read by unauthorized parties.^[14]

On a Linux system, the boot partition (/boot) may be encrypted if the bootloader itself supports LUKS (e.g. GRUB). This is undertaken to prevent tampering of the Linux kernel. However, the first stage bootloader or an EFI system partition cannot be encrypted (see Full disk encryption#The boot key problem).^[14]

On mobile Linux systems, postmarketOS has developed osk-sdl to allow a full disk encrypted system to be unlocked using a touch screen.

For systems running systemd, the systemd-homed component can be used to encrypt individual home directories.^[17]

Operating system support

The reference implementation for LUKS operates on Linux and is based on an enhanced version of cryptsetup, using dm-crypt as the disk encryption backend. Under Microsoft Windows, LUKS-encrypted disks can be used via the Windows Subsystem for Linux.^[18] (Formerly, this was possible with LibreCrypt,^[19] which currently has fundamental security holes,^[20]^[21] and which succeeded FreeOTFE, formerly DoxBox.)

DragonFly BSD supports LUKS.^[22]

Installer support

Several Linux distributions allow the root device to be encrypted upon OS installation. These installers include Calamares,^[23] Ubiquity,^[24] Debian-Installer,^[25] and more.

On-disk format

LUKS headers are backward compatible; newer versions of LUKS are able to read headers of previous versions.^[26]

LUKS1

LUKS1 Header^[26]
Offset		Data type	Description
000	000_hex	char[6]	Magic number {'L', 'U', 'K', 'S', 0xBA, 0xBE }
006	006_hex	uint16_t	LUKS Version (0x0001 for LUKS1)
008	008_hex	char[32]	Cipher Algorithm (e.g. "twofish", "aes")
040	028_hex	char[32]	Cipher mode (e.g. "cbc-essiv:sha256")
072	048_hex	char[32]	Cryptographic hash function (e.g. "sha1", "ripemd160")
104	068_hex	uint32_t	Payload offset (position of encrypted data) in 512 byte offsets
108	06C_hex	uint32_t	Number of key bytes
112	070_hex	char[20]	PBKDF2 master key checksum
132	084_hex	char[32]	PBKDF2 master key salt parameter
164	0A4_hex	uint32_t	PBKDF2 master key iterations (Default: 10)
168	0A8_hex	char[40]	UUID of the partition (e.g. "504c9fa7-d080-4acf-a829-73227b48fb89")
208	0D0_hex	(48 Bytes)	Keyslot 1
…
544	220_hex	(48 Bytes)	Keyslot 8
592 Bytes total

Format of each keyslot
Offset	Data type	Description
00	uint32_t	State of keyslot: Active=0x00AC71F3; Disabled=0x0000DEAD
04	uint32_t	PBKDF2 iteration parameter
08	char[32]	PBKDF2 salt parameter
40	uint32_t	Start sector of key
44	uint32_t	Number of anti-forensic stripes (Default: 4000)
48 Bytes total

LUKS2

LUKS2 devices begin with a binary header intended to allow recognition and fast detection by blkid, which also contains information such as checksums. All strings used in a LUKS2 header are null-terminated strings. Directly after the binary header comes the JSON area, containing the objects config (configuration), keyslots, digests, segments (describes encrypted areas on the disk), and tokens containing extra metadata.^[10]

The binary format for regular luks2 keyslots are mostly similar to their predecessor, with the addition of different per-keyslot algorithms. Another type of key exists to allow redundancy in the case that a re-encryption process is interrupted.^[10]

Examples

Cryptsetup is the reference implementation of the LUKS frontend.

To encrypt a device with the path /dev/sda1:

# cryptsetupluksFormat/dev/sda1

To unlock an encrypted device, where name is the mapped device name:

# cryptsetupopen/dev/sda1name

Re-encrypting

Re-encrypting a LUKS container can be done either with the cryptsetup tool itself, or with a legacy tool called cryptsetup-reencrypt. These tools can also be used to add encryption to an existing unencrypted filesystem, or remove encryption from a block device.^[11]^[27]

Both methods have similar syntax:

# cryptsetupreencrypt/dev/sda1

# cryptsetup-reencrypt/dev/sda1

Related Research Articles

FileVault is a disk encryption program in Mac OS X 10.3 Panther (2003) and later. It performs on-the-fly encryption with volumes on Mac computers.

CrossCrypt is an open-source on-the-fly encryption program for the Microsoft Windows XP/2000 operating systems. CrossCrypt allows a user to make virtual drives which encrypt any files stored on them, making the encryption process seamless to the user.

In computing, rubberhose is a deniable encryption archive containing multiple file systems whose existence can only be verified using the appropriate cryptographic key.

Disk encryption software is computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

In Linux, Logical Volume Manager (LVM) is a device mapper framework that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.

Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.

The device mapper is a framework provided by the Linux kernel for mapping physical block devices onto higher-level virtual block devices. It forms the foundation of the logical volume manager (LVM), software RAIDs and dm-crypt disk encryption, and offers additional features such as file system snapshots.

In Linux systems, initrd is a scheme for loading a temporary root file system into memory, to be used as part of the Linux startup process. initrd and initramfs refer to two different methods of achieving this. Both are commonly used to make preparations before the real root file system can be mounted.

Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device. This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware.

FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile, it can create a virtual drive within a file or partition, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including TrueCrypt and Microsoft's BitLocker.

Cryptoloop is a Linux kernel's disk encryption module that relies on the Crypto API, which is a cryptography framework introduced in version 2.5.45 of the Linux kernel mainline. Cryptoloop was first introduced in the 2.5.x kernel series; its functionality was later incorporated into the device mapper, a generic framework used to map one block device onto another.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

BestCrypt, developed by Jetico, is a commercial disk encryption app available for Windows, Linux, macOS and Android.

This is a technical feature comparison of different disk encryption software.

dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.

GEOM is the main storage framework for the FreeBSD operating system. It is available in FreeBSD 5.0 and later releases, and provides a standardized way to access storage layers. GEOM is modular and allows for geom modules to connect to the framework. For example, the geom_mirror module provides RAID1 or mirroring functionality to the system. A number of modules are provided as part of FreeBSD and others have been developed independently and are distributed via (e.g.) GitHub.

geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It uses the GEOM disk framework. It was designed and implemented by Paweł Jakub Dawidek.

eCryptfs is a package of disk encryption software for Linux. Its implementation is a POSIX-compliant filesystem-level encryption layer, aiming to offer functionality similar to that of GnuPG at the operating system level, and has been part of the Linux kernel since version 2.6.19.

Core Storage is a logical volume management system on macOS that was introduced by Apple to Mac OS X Lion. Core Storage is a layer between the disk partition and the file system.

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.

References

↑ Fruhwirth, Clemens (2018-01-20). "LUKS On-Disk Format Specification Version 1.2.3" (PDF). Retrieved 2021-09-23.
↑ "Encrypting drives using LUKS". Fedora Docs. Retrieved 6 May 2022.
1 2 3 "Chapter 12. Encrypting block devices using LUKS". Red Hat Customer Portal.
↑ "How to Encrypt Hard Disk (partition) using LUKS in Linux". 27 February 2019.
↑ "How to Encrypt Your Data with dm-crypt". Linode.
↑ Bossi, Simone; Visconti, Andrea (2015). "What Users Should Know About Full Disk Encryption Based on LUKS" (PDF).{{cite journal}}: Cite journal requires |journal= (help)
↑ "systemd-cryptenroll - ArchWiki". wiki.archlinux.org. Retrieved 2023-11-22.
↑ "How to encrypt a LUKS container using a smart card or token". 20 April 2014.
↑ "How LUKS works with Full Disk Encryption in Linux". 25 September 2021.
1 2 3 "on-disk-format-luks2.pdf" (PDF).
1 2 cryptsetup(8) – Linux Administration and Privileged Commands Manual
↑ "Breaking LUKS Encryption". eForensics. 21 August 2020.
↑ "AFsplitter".
1 2 3 "dm-crypt/Encrypting an entire system" . Retrieved 6 May 2022.
↑ "Arch with LVM on LUKS".
↑ "LUKS on LVM: encrypted logical volumes and secure backups". 12 September 2014.
↑ "Home Directories". systemd.
↑ "Servicing the Windows Subsystem for Linux (WSL) 2 Linux Kernel". Microsoft Developer Blogs. 16 April 2021.
↑ "LibreCrypt". GitHub. 27 July 2022.
↑ "Flaw in driver allows privilege escalation. Feedback wanted · Issue #38 · t-d-k/LibreCrypt". GitHub. 30 September 2015.
↑ "Driver allows writing to arbitrary devices · Issue #39 · t-d-k/LibreCrypt". GitHub . 7 October 2015.
↑ "DragonFly's Major Features List" . Retrieved 6 May 2022.
↑ Michael Larabel (8 May 2016). "Calamares Installer Adds LUKS Encryption Support". Phoronix.
↑ "How to Encrypt Your Hard Disk in Ubuntu". Make Tech Easier. 13 January 2017.
↑ "PartmanCrypto". Debian Wiki. Retrieved 6 May 2022.
1 2 "LUKS On-Disk Format Specification" (PDF).
↑ "CRYPTSETUP-REENCRYPT(8) Man page". man7.org.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Fruhwirth, Clemens (2018-01-20). "LUKS On-Disk Format Specification Version 1.2.3" (PDF). Retrieved 2021-09-23.

[2] "Encrypting drives using LUKS". Fedora Docs. Retrieved 6 May 2022.

[redhat-3] 1 2 3 "Chapter 12. Encrypting block devices using LUKS". Red Hat Customer Portal.

[4] "How to Encrypt Hard Disk (partition) using LUKS in Linux". 27 February 2019.

[5] "How to Encrypt Your Data with dm-crypt". Linode.

[6] Bossi, Simone; Visconti, Andrea (2015). "What Users Should Know About Full Disk Encryption Based on LUKS" (PDF).{{cite journal}}: Cite journal requires |journal= (help)

[7] "systemd-cryptenroll - ArchWiki". wiki.archlinux.org. Retrieved 2023-11-22.

[8] "How to encrypt a LUKS container using a smart card or token". 20 April 2014.

[9] "How LUKS works with Full Disk Encryption in Linux". 25 September 2021.

[luks2-format-10] 1 2 3 "on-disk-format-luks2.pdf" (PDF).

[man8cryptsetup-11] 1 2 cryptsetup(8) – Linux Administration and Privileged Commands Manual

[12] "Breaking LUKS Encryption". eForensics. 21 August 2020.

[13] "AFsplitter".

[archwiki-14] 1 2 3 "dm-crypt/Encrypting an entire system" . Retrieved 6 May 2022.

[15] "Arch with LVM on LUKS".

[16] "LUKS on LVM: encrypted logical volumes and secure backups". 12 September 2014.

[17] "Home Directories". systemd.

[18] "Servicing the Windows Subsystem for Linux (WSL) 2 Linux Kernel". Microsoft Developer Blogs. 16 April 2021.

[19] "LibreCrypt". GitHub. 27 July 2022.

[20] "Flaw in driver allows privilege escalation. Feedback wanted · Issue #38 · t-d-k/LibreCrypt". GitHub. 30 September 2015.

[21] "Driver allows writing to arbitrary devices · Issue #39 · t-d-k/LibreCrypt". GitHub . 7 October 2015.

[22] "DragonFly's Major Features List" . Retrieved 6 May 2022.

[23] Michael Larabel (8 May 2016). "Calamares Installer Adds LUKS Encryption Support". Phoronix.

[24] "How to Encrypt Your Hard Disk in Ubuntu". Make Tech Easier. 13 January 2017.

[25] "PartmanCrypto". Debian Wiki. Retrieved 6 May 2022.

[luks1-standard-26] 1 2 "LUKS On-Disk Format Specification" (PDF).

[27] "CRYPTSETUP-REENCRYPT(8) Man page". man7.org.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

v t e Linux
Linux kernel	History Linus's law Linux-libre Booting process Kernel oops Tux more…
Controversies	Criticism of Linux Criticism of desktop Linux GNU/Linux naming controversy Tanenbaum–Torvalds debate SCO and Linux
Distributions	General comparison Distributions list Netbook-specific comparison Distributions that run from RAM Lightweight Security-focused operating system Package manager Package format List of software package managers
Organizations	LinuxChix Linux Counter Linux Documentation Project Linux Foundation Linux Mark Institute Linux User Group (LUG)
Adoption	Adopters Desktop Embedded Gaming Mobile Range of use Linux malware
Media	DistroWatch Free Software Magazine Full Circle Linux.com Linux Format Linux Gazette Linux Journal Linux Magazine LinuxUser Ubuntu User Linux Outlaws Linux Voice LugRadio LWN.net Phoronix Revolution OS The Code
Professional related certifications	CompTIA Linux+ Linux Foundation Red Hat Ubuntu
Linuxportal Free and open-source softwareportal Category