Shell scripts intended to save and restore critical LUKS data (such as the header and master key) in a safe manner

stanclai/luks_backup

LUKS Backup Helper Scripts

Description

Two shell scripts intended to save and restore critical LUKS data (such as the header and master key) in a safe manner. In detail, this means that the LUKS header and master key are protected by several hash sums, then packed and encrypted with AES-256 (OFB). The encrypted tarball then gets additional protection from several recovery volumes. This last step is optional and is performed only if the par2 utility is found on the host.
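
An added sketch of the protection chain described above (hash sums, tarball, AES-256 in OFB mode, optional par2), applied to a header file only. It is not the repository's own scripts: the function names, file names, the sha256/sha512 choice and the use of openssl with PBKDF2 are assumptions.

```sh
#!/bin/sh
# Added example, not luks_save.sh / luks_restore.sh. Function names, file
# names, the hash choices and the use of openssl with PBKDF2 are assumptions.
# A real input file would come from:
#   cryptsetup luksHeaderBackup <device> --header-backup-file header.img

# protect_header <header_file> <out_archive> <passphrase>
protect_header() {
    hdr=$1 out=$2 pass=$3
    work=$(mktemp -d) || return 1          # mktemp -d creates a 0700 directory
    # The hash sums travel inside the tarball, next to the header they cover.
    # The passphrase goes in on stdin so it never shows up in the process list.
    ( cp "$hdr" "$work/header.img" && cd "$work" &&
      sha256sum header.img > header.sha256 &&
      sha512sum header.img > header.sha512 &&
      tar -cf payload.tar header.img header.sha256 header.sha512 ) &&
    printf '%s\n' "$pass" | openssl enc -aes-256-ofb -pbkdf2 -salt \
        -pass stdin -in "$work/payload.tar" -out "$out"
    rc=$?
    rm -rf "$work"                         # drop the plaintext copies
    [ "$rc" -eq 0 ] || return 1
    # Optional step, only when par2 is installed: 10% recovery data.
    if command -v par2 >/dev/null 2>&1; then
        par2 create -q -r10 "$out.par2" "$out" >/dev/null ||
            echo "par2 failed: no recovery volumes written" >&2
    fi
    return 0
}

# verify_archive <archive> <passphrase> <dest_dir>
# Non-zero unless decryption, unpacking and every hash check succeed.
verify_archive() {
    arc=$1 pass=$2 dest=$3
    mkdir -p "$dest" || return 1
    # OFB is an unauthenticated stream mode: damaged ciphertext or a wrong
    # passphrase still "decrypts" cleanly, so the hash sums are the only
    # integrity check before the header is handed back to cryptsetup.
    printf '%s\n' "$pass" | openssl enc -d -aes-256-ofb -pbkdf2 \
        -pass stdin -in "$arc" -out "$dest/payload.tar" || return 1
    ( cd "$dest" && tar -xf payload.tar &&
      sha256sum -c header.sha256 >/dev/null 2>&1 &&
      sha512sum -c header.sha512 >/dev/null 2>&1 )
}
```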

Usage

To save LUKS header backup

luks_save.sh <path_to_LUKS_device> [<basename_for_archive>] [--key-file|-k <path_to_keyfile>]

<path_to_LUKS_device>
Full path to encrypted device containing LUKS header
<basename_for_archive>
String identifying the whole fileset in the archive. If omitted, the hostname will be used. If the 'hostname' utility is not found, the md5 of the current date and time will be used. If 'date' is not found, just the md5 of random crap from /dev/urandom will be used.
--key-file=<path_to_keyfile> | -k <path_to_keyfile>
For most operations cryptsetup asks for a key. If you have a keyfile, specify it here. Otherwise enter the password when prompted.

To restore LUKS header backup

luks_restore.sh <archive_file_name> [YES_I_WANT_TO_AUTOMAGICALLY_RESTORE_MY_LUKS_HEADER <luks_device>]

<archive_file_name>
Name of the encrypted archive with LUKS header backup
YES_I_WANT_TO_AUTOMAGICALLY_RESTORE_MY_LUKS_HEADER
You MUST provide this string exactly as written to automatically recover your corrupted LUKS header. This is a very dangerous operation, so you do it at your own risk.
<luks_device>
LUKS device with corrupted header to restore from backup.

Complementary software used by scripts

For the most part, having coreutils and cryptsetup installed is enough. But there are some important details.

To work properly, the scripts need the xxd utility to be installed. If you don't want to use it, feel free to modify the scripts and remove every reference to xxd. This will result in slightly longer tarball filenames.

Another utility used by the scripts is par2, a recovery information generator. Installing it is not mandatory, but if the backup archive gets damaged, the additional recovery volumes are just what you'd want.
