Crates.io | peroxide-cryptsetup |
lib.rs | peroxide-cryptsetup |
version | 0.3.2 |
source | src |
created_at | 2016-11-29 00:21:12.210384 |
updated_at | 2022-08-28 19:22:37.362744 |
description | Command-line utility for managing LUKS encrypted volumes using 2FA methods (for example Yubikeys) |
homepage | https://gitlab.com/solidninja/peroxide-cryptsetup |
repository | https://gitlab.com/solidninja/peroxide-cryptsetup |
max_upload_size | |
id | 7402 |
size | 155,473 |
peroxide-cryptsetup
WARNING: alpha quality
peroxs
is a command-line utility for managing cryptsetup disks on Linux. More precisely,
it helps you to manage key enrollment for devices and add backup keys in case your operational keys get
lost. It only supports LUKS devices currently.
Documentation is currently a bit light, but this will get you started:
cargo install peroxide-cryptsetup
Alternatively, clone this repository and build from source:
cargo build
target/debug/peroxs
will be simply referred to as peroxs
Enrollment is the term used throughout for adding a new keyslot to either an existing or new LUKS disk.
Pick a block device (disk). We will use /dev/your-disk
as an example.
cd /secure/key/storage/location
peroxs init backup
(create the db)peroxs enroll keyfile secret.key /dev/your-disk --name=awesome --iteration-ms=1000
The above assumes that /dev/your-disk
has already been cryptsetup luksFormat
ed. If you need to format
an entirely new device:
peroxs enroll keyfile secret.key new --cipher aes-xts-plain --hash sha256 --key-bits 256 /dev/your-disk --name=awesome --iteration-ms=1000
For more information on the values of --cipher
, --hash
and --key-bits
see man cryptsetup
.
cd /location/of/peroxs/db
peroxs open /dev/your-disk
(alternative, can use uuid of disk)peroxs register keyfile secret.key /dev/your-disk --name=awesome
peroxs list --all
(Copied from the clap-generated usage):
USAGE:
peroxs [OPTIONS] <SUBCOMMAND>
OPTIONS:
-d, --database <DATABASE>
The database to use[default: peroxs-db.json]
[aliases: db]
-h, --help
Print help information
-V, --version
Print version information
SUBCOMMANDS:
enroll
Enroll a new or existing LUKS disk(s) in the database (adding a new keyslot)
help
Print this message or the help of the given subcommand(s)
init
Initialize a new peroxide-db database
list
List disks enrolled in a database
open
Open enrolled LUKS disk(s)
register
Register an existing entry in the database (without adding a new keyslot)
enroll
USAGE:
peroxs enroll [OPTIONS] <SUBCOMMAND>
OPTIONS:
-d, --database <DATABASE>
The database to use[default: peroxs-db.json]
[aliases: db]
-h, --help
Print help information
SUBCOMMANDS:
help
Print this message or the help of the given subcommand(s)
keyfile
Enroll using a keyfile
passphrase
Enroll using a passphrase
yubikey
Enroll using a Yubikey token
init
USAGE:
peroxs init [OPTIONS] <DB_TYPE>
ARGS:
<DB_TYPE>
Database type to enroll[possible values: operation, backup]
OPTIONS:
-d, --database <DATABASE>
The database to use[default: peroxs-db.json]
[aliases: db]
-h, --help
Print help information
list
USAGE:
peroxs list [OPTIONS]
OPTIONS:
--all
List all devices in database, regardless of whether they can be found to be attached to
the system currently
-d, --database <DATABASE>
The database to use[default: peroxs-db.json]
[aliases: db]
-h, --help
Print help information
open
USAGE:
peroxs open [OPTIONS] [DEVICE_OR_UUID]...
ARGS:
<DEVICE_OR_UUID>...
The path(s) to the device or the LUKS UUID(s) of the device
OPTIONS:
-d, --database <DATABASE>
The database to use[default: peroxs-db.json]
[aliases: db]
-h, --help
Print help information
-n, --name <NAME>
Override name specified in database (if any) when activating the device
register
USAGE:
peroxs register [OPTIONS] <SUBCOMMAND>
OPTIONS:
-d, --database <DATABASE>
The database to use[default: peroxs-db.json]
[aliases: db]
-h, --help
Print help information
SUBCOMMANDS:
help
Print this message or the help of the given subcommand(s)
keyfile
Register an existing keyfile
passphrase
Register an existing passphrase
You will require the following packages installed:
libcryptsetup-devel
libsodium-devel
ykpers-devel
(Your distribution's package names may vary)
peroxide-cryptsetup
is the work of its contributors and is a free software project licensed under the
GPLv3 or later.
If you would like to contribute, please follow the C4 process.