graphical user interface for LUKS encryption with "vault"-file

Forum rules
Before you post please read how to get help
TI58C
Level 3
Level 3
Posts: 155
Joined: Tue Jul 18, 2017 5:57 am

graphical user interface for LUKS encryption with "vault"-file

Postby TI58C » Thu Jul 27, 2017 5:45 am

Hi fellow Mint users,

In my introduction, told you I have a script that might be useful to other Mint users. What the script does:

Lazyluks.sh is a graphical-front-end (GUI) for using Mint-native LUKS-encryption with a "vault"-file.
Creates/opens/closes "vault"-files that linux Mint will treat as opened encrypted ext4 drives, with "normal" user owning drive (rwx access).
Mint will even show "drive-with-opened-padlock" icon on desktop and in file manager.
When closed, it's just a root-owned file filled with random bytes.
You can have up to 8 of these "vault"-files/drives open at the same time.
Vault-file can be encrypted using passphrase or a file as key.
Pure standard LUKS, so compatible with other programs or cryptsetup /LUKS terminal commands.

Built the script purely for my own use, adapted it a bit to make it useable for others, wrote readme.1st "manual" including troubleshooting section. Tested script on 2 laptops, one desktop. On both Mint 17.3/18.1 and several Knoppix versions. It was also tested by a friend-of-a-friend it-professional on linuxmint vdi from osboxes.org in virtualbox. Thank you Jasper, for your encouraging comments.

Script depends on packages:
zenity For graphical user interface
awk For data manipulation (like having a mini-C in bash).
gksu For gksudo command needed in launcher
cryptsetup For actual en-/decryption
For linux Mint-users, it is quite likely that only zenity will be missing. Install manually through package manager.

Would ask you, forum members to take a look at script, give it a try. And would like feedback.
- did I do stupid things?
- do you think script introduces new "points of failure" or decrease LUKS-security ?
- suggestions for improving?

I hope this script will help even people who are new to linux and do not use the terminal (much), to be able to use strong encryption. Feel that it is a necessary precaution in a world that is full of hacks, theft of laptops, loss of USB-sticks with important data.

If you're interested, you can download the small tarball from: <no longer available, see latest post>

Looking forward to your opinions / comments,

Robert
Last edited by TI58C on Sun Aug 20, 2017 7:09 am, edited 1 time in total.
Linux is like my late labrador lady-dog: loyal and loving if you treat her lady-like, disbehaving princess if you don't.

TI58C
Level 3
Level 3
Posts: 155
Joined: Tue Jul 18, 2017 5:57 am

Re: graphical user interface for LUKS encryption with "vault"-file

Postby TI58C » Sat Jul 29, 2017 6:56 am

(Edited 20170731)

IMPORTANT:

Found out I did make a very stupid mistake:

When using a file as key, standard cryptsetup/LUKS simply reads the first 256 bytes from file and uses those as "passphrase". But those bits might very well just be a file header, could even be the same for all files of a given type.

A keyfile in luks is meant to be created like: head -c 256 /dev/random > keyfile. When opening, luks reads passphrase from such a file. But in lazyluks I wanted to be able to use ANY file (pic, music, pdf) as a key.

So: changed standard key-size of 256 to 512 bits and now use sha512sum of the key-file as "passphrase".
First field of sha512sum output is $ 128 chars long. Not as good as a 512 chars random passphrase (which you can use if you want), but good enough for me.
added bonus: there is no size limit to the key-file.

Sorry for the inconvenience.

You can find the newer version at: <no longer available, see latest post>
So sorry, it is only compatible with old version if you used passphrase. NOT if you used a key-file.

-----------------------------------------------------------------------------------------------------------------------------

As of 20170731

Updated use of key-file & readme.1st
Downwards compatible if you use sha512sum+full-path-filename when using key file.
Latest version lazyluks.V2c.tar.gz available at : https://1drv.ms/u/s!As0H3epaY7vPgR38aGsBYXB9RsgZ


Kind regards,

Robert
Linux is like my late labrador lady-dog: loyal and loving if you treat her lady-like, disbehaving princess if you don't.


Return to “Scripts & Bash”