Linux Unified Key Setup Explained

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

LUKS implements a platform-independent standard on-disk format for use in various tools. This facilitates compatibility and interoperability among different programs and operating systems, and assures that they all implement password management in a secure and documented manner.[1]

Description

LUKS is used to encrypt a block device. The contents of the encrypted device are arbitrary, and therefore any filesystem can be encrypted, including swap partitions.[2] There is an unencrypted header at the beginning of an encrypted volume, which allows up to 8 (LUKS1) or 32 (LUKS2) encryption keys to be stored along with encryption parameters such as cipher type and key size.[3] [4]

The presence of this header is a major difference between LUKS and dm-crypt, since the header allows multiple different passphrases to be used, with the ability to change and remove them. If the header is lost or corrupted, the device will no longer be decryptable.[5]

Encryption is done with a multi-layer approach. First, the block device is encrypted using a master key. This master key is encrypted with each active user key.[6] User keys are derived from passphrases, FIDO2 security keys, TPMs or smart cards.[7] [8] The multi-layer approach allows users to change their passphrase without re-encrypting the whole block device. Key slots can contain information to verify user passphrases or other types of keys.

There are two versions of LUKS, with LUKS2 featuring resilience to header corruption, and using the Argon2 key derivation function by default, whereas LUKS1 uses PBKDF2.[9] Conversion between both versions of LUKS is possible in certain situations, but some features may not be available with LUKS1 such as Argon2. LUKS2 uses JSON as a metadata format.[10]

Available cryptographic algorithms depend on individual kernel support of the host. Libgcrypt can be used as a backend for hashing, which supports all of its algorithms. It is up to the operating system vendor to choose the default algorithm.[11] LUKS1 makes use of an anti-forensics technique called AFsplitter, allowing for secure data erasure and protection.[12]

LUKS with LVM

Logical Volume Management can be used alongside LUKS.[13]

LVM on LUKS : When LVM is used on an unlocked LUKS container, all underlying partitions (which are LVM logical volumes) can be encrypted with a single key. This is akin to splitting a LUKS container into multiple partitions. The LVM structure is not visible until the disk is decrypted.[14]
  • LUKS on LVM : When LUKS is used to encrypt LVM logical volumes, an encrypted volume can span multiple devices. The underlying LVM volume group is visible without decrypting the encrypted volumes.[15]
  • Full disk encryption

    A common usage of LUKS is to provide full disk encryption, which involves encrypting the root partition of an operating system installation, which protects the operating system files from being tampered with or read by unauthorized parties.

    On a Linux system, the boot partition (/boot) may be encrypted if the bootloader itself supports LUKS (e.g. GRUB). This is undertaken to prevent tampering with the Linux kernel. However, the first stage bootloader or an EFI system partition cannot be encrypted (see Full disk encryption#The boot key problem).

    On mobile Linux systems, postmarketOS has developed osk-sdl to allow a full disk encrypted system to be unlocked using a touch screen.

    For systems running systemd, the systemd-homed component can be used to encrypt individual home directories.[16]

    Operating system support

    The reference implementation for LUKS operates on Linux and is based on an enhanced version of cryptsetup, using dm-crypt as the disk encryption backend. Under Microsoft Windows, LUKS-encrypted disks can be used via the Windows Subsystem for Linux.[17] (Formerly, this was possible with LibreCrypt,[18] which currently has fundamental security holes,[19] [20] and which succeeded FreeOTFE, formerly DoxBox.)

    DragonFly BSD supports LUKS.[21]

    Installer support

    Several Linux distributions allow the root device to be encrypted upon OS installation. These installers include Calamares,[22] Ubiquity,[23] Debian-Installer,[24] and more.

    On-disk format

    LUKS headers are backward compatible; newer versions of LUKS are able to read headers of previous versions.[25]

    LUKS1

    LUKS1 Header
    Offset Data type Description
    0 0hex char[6]
    6 6hex uint16_t LUKS Version (0x0001 for LUKS1)
    8 8hex char[32] Cipher Algorithm (e.g. "twofish", "aes")
    40 28hex char[32] Cipher mode (e.g. "cbc-essiv:sha256")
    72 48hex char[32] Cryptographic hash function (e.g. "sha1", "ripemd160")
    104 68hex uint32_t Payload offset (position of encrypted data) in 512 byte offsets
    108 6Chex uint32_t Number of key bytes
    112 70hex char[20] PBKDF2 master key checksum
    132 84hex char[32] PBKDF2 master key salt parameter
    164 A4hex uint32_t PBKDF2 master key iterations (Default: 10)
    168 A8hex char[40] UUID of the partition (e.g. "504c9fa7-d080-4acf-a829-73227b48fb89")
    208 D0hex (48 Bytes) Keyslot 1
    544 220hex (48 Bytes) Keyslot 8
    592 Bytes total
    Format of each keyslot
    Offset Data type Description
    0 uint32_t State of keyslot: Active=0x00AC71F3; Disabled=0x0000DEAD
    4 uint32_t PBKDF2 iteration parameter
    8 char[32] PBKDF2 salt parameter
    40 uint32_t Start sector of key
    44 uint32_t Number of anti-forensic stripes (Default: 4000)
    48 Bytes total

    LUKS2

    LUKS2 devices begin with a binary header intended to allow recognition and fast detection by blkid, which also contains information such as checksums. All strings used in a LUKS2 header are null-terminated strings. Directly after the binary header comes the JSON area, containing the objects config (configuration), keyslots, digests, segments (describes encrypted areas on the disk), and tokens containing extra metadata.

    The binary format for regular luks2 keyslots are mostly similar to their predecessor, with the addition of different per-keyslot algorithms. Another type of key exists to allow redundancy in the case that a re-encryption process is interrupted.

    Examples

    Cryptsetup is the reference implementation of the LUKS frontend.

    To encrypt a device with the path /dev/sda1:

    1. cryptsetup luksFormat /dev/sda1

    To unlock an encrypted device, where name is the mapped device name:

    1. cryptsetup open /dev/sda1 name

    Re-encrypting

    Re-encrypting a LUKS container can be done either with the cryptsetup tool itself, or with a legacy tool called cryptsetup-reencrypt. These tools can also be used to add encryption to an existing unencrypted filesystem, or remove encryption from a block device.[26]

    Both methods have similar syntax:

    1. cryptsetup reencrypt /dev/sda1

    1. cryptsetup-reencrypt /dev/sda1

    See also

    External links

    Notes and References

    1. Web site: LUKS On-Disk Format Specification Version 1.2.3 . Clemens . Fruhwirth . 2018-01-20 . 2021-09-23 .
    2. Web site: Encrypting drives using LUKS. Fedora Docs. 6 May 2022.
    3. Web site: Chapter 12. Encrypting block devices using LUKS. Red Hat Customer Portal.
    4. Web site: How to Encrypt Hard Disk (partition) using LUKS in Linux. 27 February 2019 .
    5. Web site: How to Encrypt Your Data with dm-crypt. Linode. 22 November 2022 .
    6. What Users Should Know About Full Disk Encryption Based on LUKS. Simone. Bossi. Andrea. Visconti. 2015.
    7. Web site: systemd-cryptenroll - ArchWiki . 2023-11-22 . wiki.archlinux.org.
    8. Web site: 20 April 2014 . How to encrypt a LUKS container using a smart card or token .
    9. Web site: How LUKS works with Full Disk Encryption in Linux. 25 September 2021 .
    10. Web site: on-disk-format-luks2.pdf. 7 March 2024 .
    11. Web site: Breaking LUKS Encryption. eForensics. 21 August 2020 .
    12. Web site: AFsplitter.
    13. Web site: dm-crypt/Encrypting an entire system. 6 May 2022.
    14. Web site: Arch with LVM on LUKS.
    15. Web site: LUKS on LVM: encrypted logical volumes and secure backups. 12 September 2014 .
    16. Web site: Home Directories. systemd.
    17. Web site: Servicing the Windows Subsystem for Linux (WSL) 2 Linux Kernel. Microsoft Developer Blogs. 16 April 2021 .
    18. Web site: LibreCrypt. GitHub. 27 July 2022 .
    19. Web site: Flaw in driver allows privilege escalation. Feedback wanted · Issue #38 · t-d-k/LibreCrypt. GitHub. 30 September 2015.
    20. Web site: Driver allows writing to arbitrary devices · Issue #39 · t-d-k/LibreCrypt. . 7 October 2015.
    21. Web site: DragonFly's Major Features List. 6 May 2022.
    22. Web site: Calamares Installer Adds LUKS Encryption Support. Michael Larabel. 8 May 2016. Phoronix.
    23. Web site: How to Encrypt Your Hard Disk in Ubuntu. Make Tech Easier. 13 January 2017 .
    24. Web site: PartmanCrypto. Debian Wiki. 6 May 2022.
    25. Web site: LUKS On-Disk Format Specification.
    26. Web site: CRYPTSETUP-REENCRYPT(8) Man page. man7.org.