The Linux Unified Key Setup (LUKS) is a

disk encryption Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that g ...

specification created by Clemens Fruhwirth in 2004 and was originally intended for

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, w ...

. While most

disk encryption software Disk encryption software is computer security software that protects the confidentiality of data stored on computer media (e.g., a hard disk, floppy disk, or USB device) by using disk encryption. Compared to access controls commonly enforced by ...

implements different, incompatible, and undocumented formats, LUKS implements a platform-independent standard on-disk format for use in various tools. This not only facilitates compatibility and interoperability among different programs, but also assures that they all implement

password management There are several forms of software used to help users or organizations better manage passwords: * Intended for use by a single user: ** Password manager software is used by individuals to organize and encrypt many personal passwords using a singl ...

in a secure and documented manner.

Description

LUKS is used to encrypt a

block device In Unix-like operating systems, a device file or special file is an interface to a device driver that appears in a file system as if it were an ordinary file. There are also special files in DOS, OS/2, and Windows. These special files allow a ...

. The contents of the encrypted device are arbitrary, and therefore any filesystem can be encrypted, including swap partitions. There is an unencrypted header at the beginning of an encrypted volume, which allows up to 8 (LUKS1) or 32 (LUKS2)

encryption key A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key ...

s to be stored along with encryption parameters such as cipher type and key size. The presence of this header is a major difference between LUKS and plain dm-crypt, since the header allows multiple different passphrases to be used, with the ability to change and remove them with ease. However, if the header is lost or corrupted, the device will no longer be decryptable. Encryption is done with a multi-layer approach. First, the block device is encrypted using multiple ''master keys'', each of which is encrypted with an active ''user key'' in each keyslot. While keyslots often contain a passphrase, other kinds of keys include

OpenPGP Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partiti ...

public key Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic al ...

s or

X.509 In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secu ...

certificates. PGP public keys can be used in combination with an OpenPGP smart card which is inserted into the host. This layered scheme is known a
TKS1
There are two versions of LUKS, with LUKS2 having features such as resilience to header corruption, and using the

Argon2 Argon2 is a key derivation function that was selected as the winner of the 2015 Password Hashing Competition. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg. The reference implementation o ...

encryption algorithm by default, whereas LUKS1 uses

PBKDF2 In cryptography, PBKDF1 and PBKDF2 (Password-Based Key Derivation Function 1 and 2) are key derivation functions with a sliding computational cost, used to reduce vulnerabilities of brute-force attacks. PBKDF2 is part of RSA Laboratories' Publ ...

. Conversion between both versions of LUKS is possible in certain situations, but some features may not be available with LUKS1 such as Argon2. LUKS2 uses JSON as a metadata format. Available cryptographic algorithms depends on individual kernel support of the host.

Libgcrypt Libgcrypt is a cryptography library developed as a separated module of GnuPG. It can also be used independently of GnuPG, but depends on its error-reporting library Libgpg-error. It provides functions for all fundamental cryptographic building blo ...

can be used as a backend for hashing, which supports all of its algorithms. It is up to the operating system vendor to choose the default algorithm. LUKS1 makes use of an anti-forensics technique called AFsplitter, allowing for secure

data erasure Data erasure (sometimes referred to as data clearing, data wiping, or data destruction) is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media b ...

and protection.

Using LUKS with LVM

Logical Volume Management can be used alongside LUKS. ; LVM on LUKS : When LVM is used on an unlocked LUKS container, all underlying partitions (which are LVM logical volumes) can be encrypted with a single key. This is akin to splitting a LUKS container into multiple partitions. The LVM structure is not visible until the disk is decrypted. ; LUKS on LVM : When LUKS is used to encrypt LVM logical volumes, an encrypted volume can span multiple devices. The underlying LVM volume group is visible without decrypting the encrypted volumes.

Full disk encryption

Debian Graphical Installer Partman-auto init automatically partition 1

A common usage of LUKS is to provide

full disk encryption Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that g ...

, which involves encrypting the root partition of an operating system installation, which protects the operating system files from being tampered with or read by unauthorized parties. On a Linux system, the boot partition (/boot) may be encrypted if the

bootloader A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer. When a computer is turned off, its softwareincluding operating systems, application code, an ...

itself supports LUKS (e.g.

GRUB Grub can refer to Grub (larva), of the beetle superfamily Scarabaeoidea, or as a slang term for food. It can also refer to: Places * Grub, Appenzell Ausserrhoden, Switzerland * Grub, St. Gallen, Switzerland * Grub (Amerang), a hamlet in Bavar ...

). This is undertaken to prevent tampering of the Linux kernel. However, the first stage bootloader or an EFI system partition cannot be encrypted (see Full disk encryption#The boot key problem). On mobile Linux systems,

postmarketOS postmarketOS (abbreviated as pmOS) is an operating system primarily for smartphones, based on the Alpine Linux distribution. postmarketOS was launched on 26 May 2017 with the source code available on GitHub before migrating to GitLab in 2018. I ...

has develope
osk-sdl
to allow a full disk encrypted system to be unlocked using a touch screen.

Encrypted home directories

On systems running systemd, the systemd-homed component can be used to encrypt individual home directories.

Operating system support

The

reference implementation In the software development process, a reference implementation (or, less frequently, sample implementation or model implementation) is a program that implements all requirements from a corresponding specification. The reference implementation o ...

for LUKS operates on Linux and is based on an enhanced version of

cryptsetup dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike it ...

, using

dm-crypt dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike it ...

as the disk encryption backend. Under

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washin ...

Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ser ...

, LUKS-encrypted disks can be used via the

Windows Subsystem for Linux Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ser ...

. (Formerly, this was possible with LibreCrypt, which currently has fundamental security holes, and which succeeded

FreeOTFE FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile (using FreeOTFE4PDA), it can create a virtual drive within a file or partition, to which anything written is ...

, formerly DoxBox.)

DragonFly BSD DragonFly BSD is a free and open-source Unix-like operating system forked from FreeBSD 4.8. Matthew Dillon, an Amiga developer in the late 1980s and early 1990s and FreeBSD developer between 1994 and 2003, began working on DragonFly BSD in ...

supports LUKS.

Installer support

Several Linux distributions allow the root device to be encrypted upon OS installation. These installers include

Calamares Squid is eaten in many cuisines; in English, the culinary name calamari is often used for squid dishes.''Oxford English Dictionary'', 3rd edition, 2002''s.v.''/ref> There are many ways to prepare and cook squid. Fried squid is common in the Me ...

Ubiquity Ubiquity is a synonym for omnipresence, the property of being present everywhere. Ubiquity may also refer to: * Ubiquity (software), a simple graphical installer made for the Ubuntu operating system * Ubiquity (Firefox), an experimental extensi ...

Debian-Installer Debian-Installer is a system installer designed for the Debian Linux distribution. It originally appeared in the Debian release 3.1 (Sarge), released on June 6, 2005, although the first release of a Linux distribution that used it was Skolelinux ...

, and more.

On-disk format

LUKS headers are forward compatible; newer versions of LUKS should be able to read headers of previous versions.

LUKS1

LUKS2

LUKS2 devices begin with a binary header intended to allow recognition and fast detection by

blkid In computing, the fdisk command-line utility provides disk-partitioning functions, preparatory to defining file systems. fdisk features in the DOS, DR FlexOS, IBM OS/2, and Microsoft Windows operating systems, and in certain ports of FreeBSD, ...

, which also contains information such as checksums. All strings used in a LUKS2 header are

null-terminated string In computer programming, a null-terminated string is a character string stored as an array containing the characters and terminated with a null character (a character with a value of zero, called NUL in this article). Alternative names are C str ...

s. Directly after the binary header comes the JSON area, containing the objects config (configuration), keyslots, digests, segments (describes encrypted areas on the disk), and tokens containing extra metadata. The binary format for regular luks2 keyslots are mostly similar to their predecessor, with the addition of different per-keyslot algorithms. Another type of key exists to allow redundancy in the case that a re-encryption process is interrupted.

Examples

Cryptsetup dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike it ...

is the reference implementation of the LUKS frontend. To encrypt a device with the path /dev/sda1: # cryptsetup luksFormat /dev/sda1 To unlock an encrypted device, where name is the mapped device name: # cryptsetup luksOpen /dev/sda1 name

Re-encrypting

Re-encrypting a LUKS container can be done either with the cryptsetup tool itself, or with a legacy tool called cryptsetup-reencrypt. These tools can also be used to add encryption to an existing unencrypted filesystem, or remove encryption from a block device. Both methods have similar syntax: # cryptsetup reencrypt /dev/sda1 # cryptsetup-reencrypt /dev/sda1

References

External links

*
Frequently Asked Questions (FAQ)LibreCrypt: Implementation for WindowsLUKS1 SpecificationLUKS2 Specification
{{Cryptographic software Cryptographic software Disk encryption Linux security software de:Dm-crypt#Erweiterung mit LUKS