Spaß mit Verschlüsselung

Privaten Schlüssel (AES-256/4096bit) erstellen:

openssl genrsa -aes256 -out private.pem 4096

Öffentlichen Schlüssel erstellen:

openssl rsa -in private.pem -outform PEM -pubout -out public

Datei verschlüsseln:

openssl rsautl -pubin -inkey public.pem -encrypt -in klartext.txt -out geheim.txt

Datei entschlüsseln:

openssl rsautl -inkey private.pem -decrypt -in geheim.txt -out klartext2.txt 

Read More

disk encryption (dm-crypt + LUKS, non-root)

encrypting external drives with dm-crypt and LUKS (hdd, flash etc.)

1) wipe potentially existing luks-header (optional)

dd if=/dev/zero of=/dev/sdX bs=512 count=20480

2) wipe existing partitions (optional)

3) setup luks-header

cryptsetup options luksFormat device


cryptsetup -v --cipher aes-xts-plain64 --key-size 512 \
--hash sha512 --iter-time 5000 --use-random luksFormat <device>

4) mount encrypted partition

simply mount


cryptsetup open <device> <name>

5) create file system

mkfs.fstype /dev/mapper/name

6) change user permissions (only accessible for root as default)

chown user:group <mount point>

Read More