~ Return to the rest of the site
This information is not authoritative, nor from a place of deep knowledge.
To format a partition for LUKS, use
lsblk to determine the physical block device location for that partition and run
cryptsetup luksFormat [partition].
The passphrase used can be changed or removed after creation.
To open a LUKS partition, use
cryptsetup luksOpen [partition] [name].
This name is the name the decrypted block device location will take in
Before the decrypted block device has a filesystem it'll just be cleared space - use
To mount an opened LUKS partition, use
mount(8) as normal, just with the decrypted block device location.
To close an open LUKS partition,
umount(8) it if it's open and
cryptsetup luksClose [name].
To make the LUKS partition openable via keyfile, first make a keyfile (
dd if=/dev/urandom of=/root/keyfile bs=1024 count=4 seems to work), and optionally make it readable by root only (
chmod 0400 [keyfile]).
Then add the keyfile to the partition's LUKS header with
cryptsetup luksAddKey [physical partition block device] [keyfile].
SSH keys are typically stored in
Typically, the public key's filename will be suffixed with
.pub, while the private key will not.
You can generate an SSH key with
ssh-keygen(1). Currently the preferred implementation is
openssh-keygen, part of the OpenSSH suite.
Microsoft GitHub documentation suggests a user create a key with
ssh-keygen -t ed25519 -C "[e-mail address]".
This generates an Ed25519 SSH key with an e-mail address in the key comment.