peroxide-cryptsetup
WARNING: alpha quality
`peroxs` is a command-line utility for managing cryptsetup disks on Linux. More precisely, it helps you to manage key enrollment for devices and add backup keys in case your operational keys get lost. It only supports LUKS devices currently.
Documentation is currently a bit light, but this will get you started:

```
cargo install peroxide-cryptsetup
```

Alternatively, clone this repository and build from source:

```
cargo build
```

`target/debug/peroxs` will be simply referred to as `peroxs`.
Enrollment is the term used throughout for adding a new keyslot to either an existing or new LUKS disk.

Pick a block device (disk). We will use `/dev/your-disk` as an example.

```
cd /secure/key/storage/location
peroxs init backup    # create the db
peroxs enroll keyfile secret.key /dev/your-disk --name=awesome --iteration-ms=1000
```
The above assumes that `/dev/your-disk` has already been `cryptsetup luksFormat`ed. If you need to format an entirely new device:

```
peroxs enroll keyfile secret.key new --cipher aes-xts-plain --hash sha256 --key-bits 256 /dev/your-disk --name=awesome --iteration-ms=1000
```

For more information on the values of `--cipher`, `--hash` and `--key-bits` see `man cryptsetup`.
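A permissions check for the key storage directory used in the enrollment steps above, as an added example that is not part of peroxide-cryptsetup. It assumes GNU `stat`, the default database name `peroxs-db.json`, and keyfiles stored next to the database; `check_private` and `audit_keystore` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit a peroxs key storage directory for loose permissions.
# Assumptions: GNU stat (Linux); the database uses the default name
# peroxs-db.json; keyfile names are passed in by the caller.

# Print a finding and return 1 if the path is a symlink, is missing, is not
# owned by the current user, or grants any permission to group or other.
check_private() {
    path=$1
    if [ -L "$path" ]; then
        echo "FAIL $path: is a symlink"; return 1
    fi
    if [ ! -e "$path" ]; then
        echo "FAIL $path: missing"; return 1
    fi
    owner=$(stat -c %u "$path")
    mode=$(stat -c %a "$path")
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL $path: owned by uid $owner"; return 1
    fi
    # The last two octal digits are group and other; both must be 0.
    case $mode in
        0|*00) ;;
        *) echo "FAIL $path: mode $mode is accessible to group/other"; return 1 ;;
    esac
    echo "ok   $path (mode $mode)"
}

# audit_keystore DIR [KEYFILE...]
# Checks DIR, DIR/peroxs-db.json and each named keyfile inside DIR.
# The return status is the number of findings (0 means clean).
audit_keystore() {
    dir=$1; shift
    findings=0
    check_private "$dir" || findings=$((findings + 1))
    check_private "$dir/peroxs-db.json" || findings=$((findings + 1))
    for key in "$@"; do
        check_private "$dir/$key" || findings=$((findings + 1))
    done
    return "$findings"
}

# Usage: audit_keystore /secure/key/storage/location secret.key
```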
```
cd /location/of/peroxs/db
peroxs open /dev/your-disk    # alternative, can use uuid of disk
peroxs register keyfile secret.key /dev/your-disk --name=awesome
peroxs list --all
```
(Copied from the clap-generated usage):
```
USAGE:
    peroxs [OPTIONS]

OPTIONS:
    -d, --database
    -h, --help
            Print help information
    -V, --version
            Print version information

SUBCOMMANDS:
    enroll      Enroll a new or existing LUKS disk(s) in the database (adding a new keyslot)
    help        Print this message or the help of the given subcommand(s)
    init        Initialize a new peroxide-db database
    list        List disks enrolled in a database
    open        Open enrolled LUKS disk(s)
    register    Register an existing entry in the database (without adding a new keyslot)
```
enroll
```
USAGE:
    peroxs enroll [OPTIONS]

OPTIONS:
    -d, --database
    -h, --help
            Print help information

SUBCOMMANDS:
    help          Print this message or the help of the given subcommand(s)
    keyfile       Enroll using a keyfile
    passphrase    Enroll using a passphrase
    yubikey       Enroll using a Yubikey token
```
init
```
USAGE:
    peroxs init [OPTIONS]

ARGS:

OPTIONS:
    -d, --database
    -h, --help
            Print help information
```
list
```
USAGE:
    peroxs list [OPTIONS]

OPTIONS:
        --all
            List all devices in database, regardless of whether they can be found to be attached to the system currently
    -d, --database <DATABASE>
            The database to use [default: peroxs-db.json] [aliases: db]
    -h, --help
            Print help information
```
open
```
USAGE:
    peroxs open [OPTIONS] [DEVICEORUUID]...

ARGS:

OPTIONS:
    -d, --database
    -h, --help
            Print help information
    -n, --name <NAME>
            Override name specified in database (if any) when activating the device
```
register
```
USAGE:
    peroxs register [OPTIONS]

OPTIONS:
    -d, --database
    -h, --help
            Print help information

SUBCOMMANDS:
    help          Print this message or the help of the given subcommand(s)
    keyfile       Register an existing keyfile
    passphrase    Register an existing passphrase
```
You will require the following packages installed:

- libcryptsetup-devel
- libsodium-devel
- ykpers-devel

(Your distribution's package names may vary)
`peroxide-cryptsetup` is the work of its contributors and is a free software project licensed under the GPLv3 or later.

If you would like to contribute, please follow the C4 process.