Chapter 8. Encrypting block devices using LUKS

Disk encryption protects the data on a block device by encrypting it. To access the device’s decrypted contents, a user must provide a passphrase or key as authentication. This is particularly important when it comes to mobile computers and removable media; it helps to protect the device’s contents even if it has been physically removed from the system. The LUKS format is a default implementation of block device encryption in Red Hat Enterprise Linux.

Disk-encryption solutions like LUKS only protect the data when your system is off. Once the system is on and LUKS has decrypted the disk, the files on that disk are available to anyone who would normally have access to them. To protect your files when the computer is on, use disk encryption in combination with another solution, such as file-based encryption.

8.1. LUKS disk encryption

The Linux Unified Key Setup-on-disk-format (LUKS) enables you to encrypt block devices and it provides a set of tools that simplifies managing the encrypted devices. LUKS allows multiple user keys to decrypt a master key, which is used for the bulk encryption of the partition.

What LUKS does

  • LUKS encrypts entire block devices and is therefore well-suited for protecting contents of mobile devices such as removable storage media or laptop disk drives.
  • The underlying contents of the encrypted block device are arbitrary, which makes it useful for encrypting swap devices. This can also be useful with certain databases that use specially formatted block devices for data storage.
  • LUKS uses the existing device mapper kernel subsystem.
  • LUKS provides passphrase strengthening which protects against dictionary attacks.
  • LUKS devices contain multiple key slots, allowing users to add backup keys or passphrases.
What LUKS does not do

  • LUKS is not well-suited for scenarios that require many users to have distinct access keys to the same device. The LUKS1 format provides eight key slots, LUKS2 up to 32 key slots.
  • LUKS is not well-suited for applications requiring file-level encryption.

8.1.1. LUKS implementation in RHEL

Red Hat Enterprise Linux utilizes LUKS to perform file system encryption. By default, the option to encrypt the file system is unchecked during the installation. If you select the option to encrypt your hard drive, you are prompted for a passphrase every time you boot the computer. This passphrase “unlocks” the bulk encryption key that decrypts your partition. If you choose to modify the default partition table you can choose which partitions you want to encrypt. This is set in the partition table settings.

In Red Hat Enterprise Linux 8, the default format is LUKS2. The legacy LUKS (LUKS1) remains fully supported and it is provided as a backward compatible format. The LUKS2 format is inspired by LUKS1 and in certain situations can be converted from LUKS1. The conversion is not possible specifically in the following scenarios:

  • A LUKS1 device is marked as being used by a Policy-Based Decryption (PBD - Clevis) solution. The cryptsetup tool refuses to convert the device when some luksmeta metadata are detected.
  • A device is active. The device must be in the inactive state before any conversion is possible.

The LUKS2 format is designed to enable future updates of various parts without a need to modify binary structures. LUKS2 internally uses JSON text format for metadata, provides redundancy of metadata, detects metadata corruption and allows automatic repairs from a metadata copy.

Important

Do not use LUKS2 in production systems that need to be compatible with older systems that support only LUKS1. Note that Red Hat Enterprise Linux 7 supports the LUKS2 format since version 7.6.

The default cipher used for LUKS is aes-xts-plain64. The default key size for LUKS is 512 bits. The default key size for LUKS with Anaconda (XTS mode) is 512 bits. Ciphers that are available are:

  • AES - Advanced Encryption Standard - FIPS PUB 197
  • Twofish (a 128-bit block cipher)
  • Serpent

Additional resources

8.2. Encrypting data on a not yet encrypted device

The following procedure contains steps to encrypt data on a not yet encrypted device using the LUKS2 format.

Important

To encrypt the device using the legacy LUKS1 format, use the cryptsetup-reencrypt utility. For more information, see the cryptsetup-reencrypt(8) man page.

Prerequisites

  • Your data are backed up.
  • File systems on the device to be encrypted are not mounted.
Procedure

You can lose your data during the encryption process; due to a hardware, kernel, or human failure. Ensure that you have a reliable backup before you start encrypting the data.

  1. Back up the data from the device that will be encrypted.

  2. Unmount all file systems on the device, for example: 

    # umount /dev/sdb1

  3. Make free space for storing a LUKS header. Choose one of the following options that suit your scenario:

    1. In the case of encrypting a logical volume, you can extend the logical volume without resizing the file system, for example: 

      # lvextend -L+32M vg00/lv00
    2. Extend the partition using partition management tools, such as parted.
    3. Shrink the file system on the device. You can use the resize2fs utility for the ext2, ext3, or ext4 file systems. Note that the xfs file system cannot be shrunk.

  4. Initialize the encryption while storing a new LUKS header in the head of the device. The following command asks you for a passphrase and starts the encryption process, for example: 

    # cryptsetup reencrypt --encrypt --init-only --reduce-device-size 32M /dev/sdb1

  5. Open the device: 

    # cryptsetup open /dev/sdb1 sdb1_encrypted

  6. Mount the device: 

    # mount /dev/mapper/sdb1_encrypted /mnt/sdb1_encrypted

  7. Start the online encryption: 

    # cryptsetup reencrypt --resume-only /dev/sdb1

Additional resources

  • For more details, see the cryptsetup(8), lvextend(8), resize2fs(8), and parted(8) man pages.

8.3. Encrypting data on a not yet encrypted device while storing a LUKS header in a detached file

The following procedure describes how to encrypt a file system without creating free space for storing a LUKS header. The header is stored in a detached location, which can be also used as an additional layer of security.

The procedure uses the LUKS2 encryption format.

Important

To encrypt the device using the legacy LUKS1 format, use the cryptsetup-reencrypt utility. For more information, see the cryptsetup-reencrypt(8) man page.

Procedure

You can lose your data during the encryption process; due to a hardware, kernel, or human failure. Ensure that you have a reliable backup before you start encrypting the data.

  1. Back up the data from the device that will be encrypted.

  2. Unmount all file systems on the device, for example: 

    # umount /dev/sdb1

  3. Initialize the encryption while providing a path to the file with a detached LUKS header in the --header parameter. The following command asks you for a passphrase and starts the encryption process: 

    # cryptsetup reencrypt --encrypt --init-only --header /path/to/header /dev/sdb1

    Note that the detached LUKS header has to be accessible so that the encrypted device - /dev/sdb1 in this procedure - can be unlocked later.

  4. Open the device: 

    # cryptsetup open /dev/sdb1 --header /path/to/header sdb1_encrypted

  5. Mount the device: 

    # mount /dev/mapper/sdb1_encrypted /mnt/sdb1_encrypted

  6. Start the online encryption: 

    # cryptsetup reencrypt --resume-only --header /path/to/header /dev/sdb1

Additional resources

  • For more details, see the cryptsetup(8) man page.