Hi fellow Mint users,
In my introduction, told you I have a script that might be useful to other Mint users. What the script does:
Lazyluks.sh is a graphical-front-end (GUI) for using Mint-native LUKS-encryption with a "vault"-file.
Creates/opens/closes "vault"-files that linux Mint will treat as opened encrypted ext4 drives, with "normal" user owning drive (rwx access).
Mint will even show "drive-with-opened-padlock" icon on desktop and in file manager.
When closed, it's just a root-owned file filled with random bytes.
You can have up to 8 of these "vault"-files/drives open at the same time.
Vault-file can be encrypted using passphrase or a file as key.
Pure standard LUKS, so compatible with other programs or cryptsetup /LUKS terminal commands.
Built the script purely for my own use, adapted it a bit to make it useable for others, wrote readme.1st "manual" including troubleshooting section. Tested script on 2 laptops, one desktop. On both Mint 17.3/18.1 and several Knoppix versions. It was also tested by a friend-of-a-friend it-professional on linuxmint vdi from osboxes.org in virtualbox. Thank you Jasper, for your encouraging comments.
Script depends on packages:
zenity For graphical user interface
awk For data manipulation (like having a mini-C in bash).
gksu For gksudo command needed in launcher
cryptsetup For actual en-/decryption
For linux Mint-users, it is quite likely that only zenity will be missing. Install manually through package manager.
Would ask you, forum members to take a look at script, give it a try. And would like feedback.
- did I do stupid things?
- do you think script introduces new "points of failure" or decrease LUKS-security ?
- suggestions for improving?
I hope this script will help even people who are new to linux and do not use the terminal (much), to be able to use strong encryption. Feel that it is a necessary precaution in a world that is full of hacks, theft of laptops, loss of USB-sticks with important data.
If you're interested, you can download the small tarball from: <no longer available, see latest post>
Looking forward to your opinions / comments,
Robert
graphical user interface for LUKS encryption with "vault"-file
Forum rules
Topics in this forum are automatically closed 6 months after creation.
Topics in this forum are automatically closed 6 months after creation.
graphical user interface for LUKS encryption with "vault"-file
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Linux is like my late labrador lady-dog: loyal and loving if you treat her lady-like, disbehaving princess if you don't.
Re: graphical user interface for LUKS encryption with "vault"-file
(Edited 20170731)
IMPORTANT:
Found out I did make a very stupid mistake:
When using a file as key, standard cryptsetup/LUKS simply reads the first 256 bytes from file and uses those as "passphrase". But those bits might very well just be a file header, could even be the same for all files of a given type.
A keyfile in luks is meant to be created like: head -c 256 /dev/random > keyfile. When opening, luks reads passphrase from such a file. But in lazyluks I wanted to be able to use ANY file (pic, music, pdf) as a key.
So: changed standard key-size of 256 to 512 bits and now use sha512sum of the key-file as "passphrase".
First field of sha512sum output is $ 128 chars long. Not as good as a 512 chars random passphrase (which you can use if you want), but good enough for me.
added bonus: there is no size limit to the key-file.
Sorry for the inconvenience.
You can find the newer version at: <no longer available, see latest post>
So sorry, it is only compatible with old version if you used passphrase. NOT if you used a key-file.
-----------------------------------------------------------------------------------------------------------------------------
As of 20170731
Updated use of key-file & readme.1st
Downwards compatible if you use sha512sum+full-path-filename when using key file.
Latest version lazyluks.V2c.tar.gz available at : https://1drv.ms/u/s!As0H3epaY7vPgR38aGsBYXB9RsgZ
Kind regards,
Robert
IMPORTANT:
Found out I did make a very stupid mistake:
When using a file as key, standard cryptsetup/LUKS simply reads the first 256 bytes from file and uses those as "passphrase". But those bits might very well just be a file header, could even be the same for all files of a given type.
A keyfile in luks is meant to be created like: head -c 256 /dev/random > keyfile. When opening, luks reads passphrase from such a file. But in lazyluks I wanted to be able to use ANY file (pic, music, pdf) as a key.
So: changed standard key-size of 256 to 512 bits and now use sha512sum of the key-file as "passphrase".
First field of sha512sum output is $ 128 chars long. Not as good as a 512 chars random passphrase (which you can use if you want), but good enough for me.
added bonus: there is no size limit to the key-file.
Sorry for the inconvenience.
You can find the newer version at: <no longer available, see latest post>
So sorry, it is only compatible with old version if you used passphrase. NOT if you used a key-file.
-----------------------------------------------------------------------------------------------------------------------------
As of 20170731
Updated use of key-file & readme.1st
Downwards compatible if you use sha512sum+full-path-filename when using key file.
Latest version lazyluks.V2c.tar.gz available at : https://1drv.ms/u/s!As0H3epaY7vPgR38aGsBYXB9RsgZ
Kind regards,
Robert
Linux is like my late labrador lady-dog: loyal and loving if you treat her lady-like, disbehaving princess if you don't.