My experience with #FlashDrives recently has been mixed. I have no problem in encrypting them with #LUKS, using #cryptsetup or with formatting a partition with #Btrfs, for instance, using #gparted and doing other tinkering with #Gnome #disks. But the problem has been with the actual drives themselves. The cheaper ones seem to have quite a few bad sectors, etc. and so they’re not really reliable for medium term storage.

1/2

Does someone have a working #nixos setup where they decrypt their drive via #cryptsetup that they access remotely via #tailscale?

That's what I am building for my new working machine.

Also WakeOnLan (via local network though).

#followerpower

Does someone have a working #nixos setup where they decrypt their drive via #cryptsetup that they access remotely via #tailscale?

That's what I am building for my new working machine.

Also WakeOnLan (via local network though).

#followerpower

Ich würde gerne vermeiden, das Passwort für die #Festplattenverschlüsselung meines #Linux-Laptops jedes Mal eingeben zu müssen – meine Kinder sollen den auch benutzen können, ohne dass ich ihnen das Passwort sage.

Das müsste sich doch irgendwie auf ein Hardware-Token (USB-Stick oder SD-Karte) umstellen lassen? Wie am besten?

TIL: If you want to `cryptsetup open` a BitLocker encrypted drive using the recovery key (8 blocks of 6 digits each), make sure to enter it _with_ the dashes between each block of digits, else it won't be recognized.

Dear fellow #linux #cryptsetup users, I need your assistance while I'm trying to encrypt my root partition:

The Arch Linux wiki (https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Re-encrypting_devices) has some guide to first unmount and then shrink the partition before reencryption, but then it has a header saying "cryptsetup 2.2 using LUKS2 supports online encryption/decryption/reencryption". Does that mean I can skip the unmount and resize, and just run the reencrypt command when the OS is still running on that partition?

hey neat, Linux 6.10 improved disk encryption performance on my system by ~42% https://gist.github.com/lucaswerkmeister/965d312193362ccfea6378006ce8cb81

Quick guide on encrypting an external drive. Assuming the drive is at /dev/sda with a /dev/sda1 partition

Set up encrypted volume (-y for verifying the password)
# cryptsetup luksFormat -y -v /dev/sda1

Unlock the encrypted volume and create a mapping to /dev/mapper/DUDE
# cryptsetup luksOpen /dev/sda1 DUDE

Create a file system
# mkfs.ext4 /dev/mapper/DUDE

Mount the partition
# mkdir /mnt/DUDE
# mount /dev/mapper/DUDE /mnt/DUDE

Mit Agent Shredder kannst du unterwegs verschlüsselte Backups von SD Karten erstellen und diese unwiederbringlich löschen.

tragbar
offline
off grid
LUKS
passt in die Hosentasche

@AgentShredder nutzt Open Source Software nach aktuellem Stand der Technik.

#Cryptsetup 2.7.0 Unveils Advanced #OPAL Hardware Encryption Support

https://linuxiac.com/cryptsetup-2-7-0-unveils-advanced-opal-hardware-encryption-support/

ok pour #ubuntu proposer du #cryptsetup sur une carte sd quand on l'installe sur une #raspberryPi c'est trop demander.

plus qu'à aller jouer avec #veracrypt ou un tuto en cinquante étapes pour avoir la moindre base de protection des données sur un raspberry.
quelle indignité !

Has anyone succeeded yet in running a Guix System with grub on an encrypted btrfs partition with subvolumes?

guix system init seems to produce a sensible grub.cfg, which (after insmod of luks2) calls cryptomount, but after reboot, it doesn't even ask for the passphrase before complaining that the decrypted device doesn't exist and dropping to grub rescue.