~ Return to the rest of the site


updated 2021-11-09

This information is not authoritative, nor from a place of deep knowledge.

LUKS partitioning


To format a partition for LUKS, use lsblk to determine the physical block device location for that partition and run cryptsetup luksFormat [partition]. The passphrase used can be changed or removed after creation.

To open a LUKS partition, use cryptsetup luksOpen [partition] [name]. This name is the name the decrypted block device location will take in /dev/mapper/. Before the decrypted block device has a filesystem it'll just be cleared space - use mkfs.[filesystem] /dev/mapper/[name].

To mount an opened LUKS partition, use mount(8) as normal, just with the decrypted block device location.

To close an open LUKS partition, umount(8) it if it's open and cryptsetup luksClose [name].

To make the LUKS partition openable via keyfile, first make a keyfile (dd if=/dev/urandom of=/root/keyfile bs=1024 count=4 seems to work), and optionally make it readable by root only (chmod 0400 [keyfile]). Then add the keyfile to the partition's LUKS header with cryptsetup luksAddKey [physical partition block device] [keyfile].

SSH keys


SSH keys are typically stored in $HOME/.ssh.

Typically, the public key's filename will be suffixed with .pub, while the private key will not.

You can generate an SSH key with ssh-keygen(1). Currently the preferred implementation is openssh-keygen, part of the OpenSSH suite.

Microsoft GitHub documentation suggests a user create a key with ssh-keygen -t ed25519 -C "[e-mail address]". This generates an Ed25519 SSH key with an e-mail address in the key comment.