https://github.com/xaionaro-go/trezorluks
A wrapper around "cryptsetup" to use a key from a Trezor device instead of a password
- Host: GitHub
- URL: https://github.com/xaionaro-go/trezorluks
- Owner: xaionaro-go
- License: cc0-1.0
- Created: 2018-06-09T11:36:08.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2019-09-01T11:20:30.000Z (almost 7 years ago)
- Last Synced: 2025-11-17T14:42:04.248Z (7 months ago)
- Topics: cryptsetup, encrypt, fs, luks, trezor
- Language: Go
- Homepage:
- Size: 12.7 KB
- Stars: 21
- Watchers: 2
- Forks: 6
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
README
This is a simple utility that uses the `--key-file` option of `cryptsetup` to supply a key generated by a Trezor device instead of a password. If you want to do that manually, you can use the [trezorCipherKeyValue](https://github.com/xaionaro-go/trezorCipherKeyValue) utility instead of this one.
Install:
```sh
go get github.com/xaionaro-go/trezorLuks
go install github.com/xaionaro-go/trezorLuks
```
Example:
```sh
`go env GOPATH`/bin/trezorLuks luksFormat /dev/loop0
`go env GOPATH`/bin/trezorLuks luksOpen /dev/loop0 mySecureStorage
```
With a custom key name (the default key name is "luks"); pass the same name when opening the volume:
```sh
`go env GOPATH`/bin/trezorLuks --trezor-key-name myKey luksFormat /dev/loop0
`go env GOPATH`/bin/trezorLuks --trezor-key-name myKey luksOpen /dev/loop0 mySecureStorage
```
Passing an option to cryptsetup:
```sh
`go env GOPATH`/bin/trezorLuks -- --verbose luksOpen /dev/loop0 mySecureStorage
```
Session example:
```sh
$ sudo ./trezorLuks luksFormat /dev/loop0
Sent the request to the Trezor device (please confirm the operation if required)
Running: cryptsetup [--key-file - luksFormat /dev/loop0]
$ sudo ./trezorLuks luksOpen /dev/loop0 test
Sent the request to the Trezor device (please confirm the operation if required)
Running: cryptsetup [--key-file - luksOpen /dev/loop0 test]
$ ls -ld /dev/mapper/test
lrwxrwxrwx 1 root root 7 Jun 9 17:25 /dev/mapper/test -> ../dm-0
$ sudo ./trezorLuks luksClose test
Running: cryptsetup [luksClose test]
$ ls -ld /dev/mapper/test
ls: cannot access '/dev/mapper/test': No such file or directory
```
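The session output above shows `--key-file -` being passed to cryptsetup, which means the key is read from stdin and never appears on the command line. The hand-off in Go, added here as an example and not taken from the trezorLuks source; `buildArgs`, `newCmd`, `wipe` and the set of key-consuming actions are assumptions, and the sample key is constructed:

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"os/exec"
)

// needsKey lists the actions that consume key material. The set is an
// assumption drawn from the session above (luksClose runs without a key).
var needsKey = map[string]bool{"luksFormat": true, "luksOpen": true}

// buildArgs returns the cryptsetup arguments for an action. The key is never
// placed in argv (readable by other users via /proc/<pid>/cmdline);
// "--key-file -" tells cryptsetup to read it from stdin instead.
func buildArgs(action string, rest ...string) []string {
	args := []string{}
	if needsKey[action] {
		args = append(args, "--key-file", "-")
	}
	return append(append(args, action), rest...)
}

// newCmd wires the key to the child's stdin only when the action needs it.
func newCmd(bin string, key []byte, action string, rest ...string) *exec.Cmd {
	cmd := exec.Command(bin, buildArgs(action, rest...)...)
	if needsKey[action] {
		cmd.Stdin = bytes.NewReader(key)
	}
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	return cmd
}

// wipe zeroes the key buffer so it does not linger in process memory.
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	key := []byte("constructed-sample-key") // placeholder for the device-derived key
	// "echo" stands in for cryptsetup so the example runs without root or a device.
	cmd := newCmd("echo", key, "luksOpen", "/dev/loop0", "mySecureStorage")
	fmt.Println("Running:", cmd.Args)
	err := cmd.Run()
	wipe(key) // clear the key once the child has exited
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```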
See also:
* [trezorCipherKeyValue](https://github.com/xaionaro-go/trezorCipherKeyValue)
Other projects (to encrypt FS using Trezor):
* [gocryptfs](https://github.com/rfjakob/gocryptfs/pull/243)
Documentation:
* [LUKS On-Disk Format Specification Version 1.0](http://clemens.endorphin.org/LUKS-on-disk-format.pdf)
* [SLIP-0011 : Symmetric encryption of key-value pairs using deterministic hierarchy](https://github.com/satoshilabs/slips/blob/master/slip-0011.md)