
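#!/usr/bin/env bash
#
# Format a block device as a LUKS container and register it in /etc/crypttab.
#
# Usage: <script> /dev/DEVICE        (must be run as root)
#
# Steps: confirm the target, optionally overwrite it with pseudorandom data,
# run `cryptsetup luksFormat` with a passphrase, optionally enrol a key file,
# then append a matching entry to /etc/crypttab.
#
# Environment:
#   LKSTYP  optional suffix for `--type luks<LKSTYP>` (e.g. 1 or 2). It is not
#           set anywhere in this script; when empty, cryptsetup receives
#           `--type luks` and uses its own default LUKS version.
#
# The shebang names bash because the script relies on $EUID, ${var,,} and
# printf/[[ ]] behaviour that a POSIX sh such as dash does not provide.

CIPHER="aes-xts-plain64"
KEYSIZ='512'
HSHTYP='sha512'
ITTIME='5000'
USERAN='random'
DEVICE="${1:-}"

# WE NEED ROOT PRIVILEGES
if [[ "${EUID}" -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# The target is about to be destroyed, so refuse anything that is not an
# existing block device (this also catches a missing argument).
if [[ -z "${DEVICE}" || ! -b "${DEVICE}" ]]; then
  printf 'Usage: %s /dev/DEVICE (an existing block device)\n' "${0##*/}" >&2
  exit 2
fi

# Writing to a device that is mounted or used as swap corrupts live data;
# dd would not stop on its own, so check before asking anything.
if lsblk -nlo MOUNTPOINT "${DEVICE}" | grep -q '[^[:space:]]'; then
  echo "${DEVICE} (or one of its partitions) is in use; unmount it first." >&2
  exit 1
fi

# CONFIRM THE DEVICE
echo "You are about to format the following device with LUKS:"
echo ""
lsblk -o NAME,SIZE,FSTYPE,MOUNTPOINT,LABEL,UUID "${DEVICE}"
echo ""
printf 'Are you sure [y/N]? '
read -r CONFRM
echo ""
if [[ "${CONFRM,,}" != "y" ]]; then
  echo "Aborting."
  exit 0
fi

printf 'Fill %s with random data [Y/n]? ' "${DEVICE}"
read -r DEVFIL
echo ""
if [[ "${DEVFIL,,}" = "n" ]]; then
  echo "Not filling ${DEVICE} with random data."
else
  echo "Filling ${DEVICE} with random data..."
  echo ""
  # An AES-CTR keystream over /dev/zero is used as a fast pseudorandom source.
  # The key is a throwaway value read from /dev/urandom; it is passed on
  # openssl's command line and is therefore visible in the process list while
  # the fill runs, which is acceptable only because nothing is ever decrypted
  # with it.
  # dd ends with "No space left on device" once the target is full; that is
  # the normal end of this step, so its exit status is deliberately ignored.
  # No sudo here: the root check above has already passed.
  openssl enc -aes-256-ctr \
    -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" \
    -nosalt </dev/zero \
    | dd of="${DEVICE}" bs=4M status=progress
fi

echo ""
echo "Setting up encryption with password..."
echo ""
# Stop if formatting fails (for example on a passphrase mismatch); otherwise
# /etc/crypttab would gain an entry for a device that is not a LUKS volume.
if ! cryptsetup --type "luks${LKSTYP:-}" --verbose \
  --cipher "${CIPHER}" --key-size "${KEYSIZ}" --hash "${HSHTYP}" \
  --iter-time "${ITTIME}" "--use-${USERAN}" --verify-passphrase \
  luksFormat "${DEVICE}"; then
  echo "luksFormat failed; /etc/crypttab was not modified." >&2
  exit 1
fi
echo ""

# crypttab fields are whitespace-separated, so an empty key-file field would
# shift the options into the key-file column. "none" is the explicit
# "no key file" value.
EKFILE='none'
printf 'Do you wish to also use a key file [y/N]? '
read -r CONFRM
echo ""
if [[ "${CONFRM,,}" = "y" ]]; then
  printf 'Path to key file: '
  read -r KEYPTH
  echo ""
  # The key file unlocks the volume without a passphrase: keep it readable by
  # root only and off the encrypted device itself.
  if [[ ! -f "${KEYPTH}" ]]; then
    echo "Key file '${KEYPTH}' not found; continuing without one." >&2
  elif [[ "${KEYPTH}" == *[[:space:]]* ]]; then
    # Whitespace in the path would break the crypttab field layout.
    echo "Key file path contains whitespace; continuing without one." >&2
  elif cryptsetup --verbose luksAddKey "${DEVICE}" "${KEYPTH}"; then
    EKFILE="${KEYPTH}"
  else
    echo "luksAddKey failed; continuing without a key file." >&2
  fi
  echo ""
fi

# Read the UUID from the LUKS header that was just written rather than from
# lsblk, whose udev-backed view may still show the pre-format state.
DVUUID="$(cryptsetup luksUUID "${DEVICE}")"
if [[ -z "${DVUUID}" ]]; then
  echo "Could not read the LUKS UUID of ${DEVICE}; /etc/crypttab was not modified." >&2
  exit 1
fi

# Mapping name from MODEL and SERIAL of the device itself (-d: no children,
# so a disk with partitions yields one line). Padding is trimmed, runs of
# spaces become one underscore, and any other character outside a
# conservative set is replaced, because this hardware-reported string ends up
# in a root-owned config file and as a /dev/mapper name.
DVNAME="$(lsblk -dnlo MODEL,SERIAL "${DEVICE}" \
  | sed -e 's/^ *//' -e 's/ *$//' -e 's/  */_/g')"
DVNAME="${DVNAME//[^A-Za-z0-9._-]/_}"
if [[ -z "${DVNAME}" ]]; then
  # Partitions and some virtual devices report neither MODEL nor SERIAL.
  DVNAME="luks-${DVUUID}"
fi

echo "Added the following line to /etc/crypttab:"
echo ""
# NOTE(review): the options field is kept exactly as the author wrote it.
# crypttab(5) options are normally comma-separated, and for a LUKS volume the
# cipher, hash and key size come from the header - confirm against the target
# system's crypttab(5) whether this field should simply be "luks".
printf '%s\tUUID=%s\t%s\t%s\n' \
  "${DVNAME}" "${DVUUID}" "${EKFILE}" "cipher=aes-xts-plain64:sha512:size=512" \
  | tee -a /etc/crypttab
echo ""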