Automated LUKS Open and Close with Cron

Hi there

I have a LUKS encrypted drive in my Linux server and am syncing data to it every X amount of time. However I would like to decrypt my drive before every sync and then again encrypt it when the sync process is finished.

Is there any way I could do that with a script, and maybe a keyfile for unlocking, that would work in Cron?

Thanks in advance


If you did that it seems like you'd need to store all the details needed to decrypt it in the (non-encrypted) script.

 

Wouldn't it be safer just to decrypt it at startup?

(Entering the encryption key during/after boot)

 


Why the heck would you do that? It would literally rewrite the entire drive twice each time, and require defeating the purpose of the encryption by storing the key in the script. 

F@H
Desktop: i7-5960X 4.4GHz, Noctua NH-D14, ASUS Rampage V, 32GB, RTX3080, 2TB NVMe SSD, 2x16TB HDD RAID0, Corsair HX1200, Thermaltake Overseer RX1, Samsung 4K curved 49" TV, 23" secondary

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB NVMe SSD RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Dell XPS 2 in 1 2019, 32GB, 1TB, 4K

 

GPD Win 2

Just now, Egbert said:

If you did that it seems like you'd need to store all the details needed to decrypt it in the (non-encrypted) script.

 

Wouldn't it be safer just to decrypt it at startup?

(Entering the encryption key during/after boot)

 

@Egbert

The problem is that it is a server, so it usually doesn't get rebooted all that often, and during its running time I would like to have the drive encrypted while there is no syncing going on.

2 minutes ago, Kilrah said:

Why the heck would you do that? It would literally rewrite the entire drive twice each time, and require defeating the purpose of the encryption by storing the key in the script. 

@Kilrah

Why should it rewrite the entire drive twice?

Let's say I want my data synced to the drive once a day at 3 am.

Then the drive should be locked throughout the day and get unlocked right before the syncing process starts and locked again as soon as it stops.

 


OK then you mean unlock/lock, not decrypt/encrypt.

Still has the issue of storing the key to unlock.

2 minutes ago, Kilrah said:

OK then you mean unlock/lock, not decrypt/encrypt.

Still has the issue of storing the key to unlock.

@Kilrah

Sorry for the wrong terminology.

Yeah well, that's kind of my question:

how do I store the key and how can I use it in my unlock command?

I know it is not the safest approach but better than leaving the drive unlocked all the time.


@Kilrah Thanks that looks promising
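
The unlock, sync, lock cycle asked about in this thread, as an added example that is not part of any post: a cron-callable script that refuses a keyfile with loose ownership or permissions and always closes the mapping after the sync. The device, mapper name, mount point, keyfile path, source directory and script path are all assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Every path and name below is an assumption.
# Assumes the keyfile was already enrolled in a key slot (cryptsetup luksAddKey).
# Hypothetical root crontab entry for the 3 am sync mentioned above:
#   0 3 * * * /usr/local/sbin/luks-sync.sh run
DEVICE=${DEVICE:-/dev/disk/by-uuid/REPLACE-WITH-LUKS-UUID}
MAPPER=${MAPPER:-syncvault}
MOUNTPOINT=${MOUNTPOINT:-/mnt/syncvault}
KEYFILE=${KEYFILE:-/etc/luks-keys/syncvault.key}
SOURCE=${SOURCE:-/srv/data/}
KEY_OWNER_UID=${KEY_OWNER_UID:-0}   # keyfile must belong to this uid (root)
DRY_RUN=${DRY_RUN:-0}               # 1 = print the commands instead of running them

# Reject a keyfile that is a symlink, has another owner, or is not mode 400/600.
keyfile_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$KEY_OWNER_UID" ] || return 1
    case "$(stat -c %a "$1")" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Unmount and close the mapping; the status is that of the close.
lock_volume() {
    run umount "$MOUNTPOINT"
    run cryptsetup close "$MAPPER"
}

sync_cycle() {
    keyfile_is_safe "$KEYFILE" || { echo "refusing unsafe keyfile: $KEYFILE" >&2; return 1; }
    run cryptsetup open --type luks --key-file "$KEYFILE" "$DEVICE" "$MAPPER" || return 1
    trap 'lock_volume; exit 1' INT TERM   # lock again if the script is signalled
    status=0
    run mount "/dev/mapper/$MAPPER" "$MOUNTPOINT" &&
        run rsync -a "$SOURCE" "$MOUNTPOINT/" || status=1
    lock_volume || status=1               # a volume left open counts as a failed run
    trap - INT TERM
    return "$status"
}

if [ "${1:-}" = run ]; then
    sync_cycle
    exit $?
fi
```

The keyfile itself still sits unencrypted on the server, which is the concern raised in the replies; the check only limits which local accounts can read it.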
