Automated LUKS Open and Close with Cron

SEAL62

Hi there

I have a LUKS encrypted drive in my Linux server and am syncing data to it every X amount of time. However I would like to decrypt my drive before every sync and then again encrypt it when the sync process is finished.

Is there any way I could do that with a script and maybe a keyfile for unlocking, and that would work in Cron?

Thanks in advance

Quote or tag me( @SEAL62 ) if you want me to see your reply

consider a reaction if I was funny, informative, helpful, or agreeable

 

OS: Windows 10 Pro

CPU: Intel i9-9900K GPU: Aorus GeForce RTX 3080 Master Motherboard: Gigabyte Z390 Aorus Master
AIO: Corsair H150i RGB Platinum RAM: Corsair Vengeance RGB Pro 32GB 3000MHz Case: Corsair iCUE 465X RGB PSU: Corsair RM750x White

 

OS: Kali Linux

HP Envy x360 Convertible

CPU: Intel i5-10210U GPU: NVIDIA GeForce MX250 RAM: 16 GB DDR4 2666 SSD: 512GB PCIe


If you did that it seems like you'd need to store all the details needed to decrypt it in the (non-encrypted) script.

 

Wouldn't it be safer just to decrypt it at startup?

(Entering the encryption key during/after boot)

 


Why the heck would you do that? It would literally rewrite the entire drive twice each time, and require defeating the purpose of the encryption by storing the key in the script. 

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2


Just now, Egbert said:

If you did that it seems like you'd need to store all the details needed to decrypt it in the (non-encrypted) script.

 

Wouldn't it be safer just to decrypt it at startup?

(Entering the encryption key during/after boot)

 

@Egbert

The problem is that it is a server so it usually doesn't get rebooted all that often and during its running time I would like to have the drive encrypted while there is no syncing going on.


2 minutes ago, Kilrah said:

Why the heck would you do that? It would literally rewrite the entire drive twice each time, and require defeating the purpose of the encryption by storing the key in the script. 

@Kilrah

Why should it rewrite the entire drive twice?

Let's say I want my data synced to the drive once a day at 3 am.

Then the drive should be locked throughout the day and get unlocked right before the syncing process starts and locked again as soon as it stops.

 


OK then you mean unlock/lock, not decrypt/encrypt.

Still has the issue of storing the key to unlock.


2 minutes ago, Kilrah said:

OK then you mean unlock/lock, not decrypt/encrypt.

Still has the issue of storing the key to unlock.

@Kilrah

Sorry for the wrong terminology

Yeah well that's kind of my question

how do I store the key and how can I use it in my unlock command.

I know it is not the safest approach but better than leaving the drive unlocked all the time.


@Kilrah Thanks that looks promising

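The unlock, sync, lock cycle asked about in this thread, written out as an added example (not code from any poster). The device path, mapper name, mount point, keyfile path, source directory and script location are all assumptions. As the replies point out, a keyfile stored on the same machine only protects the data if the drive is removed on its own or the keyfile sits on storage an attacker cannot read.

```shell
#!/usr/bin/env bash
# Added example: unlock -> mount -> sync -> unmount -> lock, for a root cron job.
# Every path and name below is an assumption; adjust to your system.
DEVICE="${DEVICE:-/dev/disk/by-uuid/REPLACE-WITH-LUKS-UUID}"   # placeholder
MAPPER="${MAPPER:-backup_crypt}"
MOUNTPOINT="${MOUNTPOINT:-/mnt/backup}"
KEYFILE="${KEYFILE:-/root/.keys/backup.key}"  # enrolled once via: cryptsetup luksAddKey
SOURCE="${SOURCE:-/srv/data/}"

# With DRY_RUN=1 each command is printed instead of executed.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# The keyfile is as sensitive as the passphrase: accept it only if it is a
# regular file owned by the invoking user (root under cron), mode 400 or 600.
keyfile_is_private() {
    local f="$1" mode owner
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    owner=$(stat -c '%u' "$f") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in 400|600) return 0 ;; *) return 1 ;; esac
}

# Unmount and close the mapping so the volume is locked again.
lock_volume() {
    run umount "$MOUNTPOINT"
    run cryptsetup close "$MAPPER"
}

sync_cycle() {
    if [ "${DRY_RUN:-0}" != 1 ] && ! keyfile_is_private "$KEYFILE"; then
        echo "refusing: $KEYFILE is missing or readable by others" >&2
        return 1
    fi
    run cryptsetup open --type luks --key-file "$KEYFILE" "$DEVICE" "$MAPPER" || return 1
    local rc=0
    run mount "/dev/mapper/$MAPPER" "$MOUNTPOINT" \
        && run rsync -a "$SOURCE" "$MOUNTPOINT/" || rc=$?
    # Lock again even when mount or rsync failed part-way.
    lock_volume || rc=$?
    return "$rc"
}

# Cron entry (root), daily at 3 am:  0 3 * * * /usr/local/sbin/luks-sync.sh run
if [ "${1:-}" = run ]; then sync_cycle; fi
```

Running it once with `DRY_RUN=1` prints the command sequence without touching the device.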
