├── LICENSE
├── README.md
└── luks-ops.sh


/LICENSE:
--------------------------------------------------------------------------------
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.

When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.

We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.

Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and
modification follow.

GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.

You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:

    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.

    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.

    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License. (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.

In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.

3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code. (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.

If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.

5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.

7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.

It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.

This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

    {description}
    Copyright (C) {year} {fullname}

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:

    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:

    Yoyodyne, Inc., hereby disclaims all copyright interest in the program
    `Gnomovision' (which makes passes at compilers) written by James Hacker.

    {signature of Ty Coon}, 1 April 1989
    Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
LUKS-OPs
========

### What is Luks-Ops?
A bash script to automate the most basic usage of LUKS and Cryptsetup in Linux.

Like:

* Creating a virtual disk volume with LUKS format.
* Mounting an existing LUKS volume.
* Unmounting a single LUKS volume or all LUKS volumes in the system.
* Creating a LUKS encrypted filesystem on removable disks (like USBs).

### What is Luks-Ops not?
* A replacement for LUKS or Cryptsetup.

### Why did I start writing this script?
* To encrypt my files on Dropbox
* To encrypt some files on my VPS
* To have fun..


### Basic Usage

There is an option for a menu:
```bash
luks-ops.sh menu
```

Other options include:
```bash
1) luks-ops.sh new DISKNAME 512
2) luks-ops.sh mount /path/to/device MountPoint
3) luks-ops.sh unmount-all
4) luks-ops.sh clean
5) luks-ops.sh usage
```
1. Will create a virtual disk named DISKNAME with size 512 MB
2. Will mount the device at MountPoint
3. Will unmount all mounted LUKS volumes
4. Will clean all unfinished setups in case of errors (but I recommend using 4)
5. Will print the help message


### Default Options:

* Virtual-disk size = 512 MB and it's created in the /usr/ directory
* Default filesystem used = ext4
* **Cipher options:**
    * Creating LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom
    * plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160 (about-time :smile:)
* Mounting point = /media/luks_* where * is a random string.
* Others..

**NB.** You can change /dev/urandom to /dev/zero (speed?)

### Dependencies (install these applications):
1. **dmsetup** -- low level logical volume management
2. **cryptsetup** -- manage plain dm-crypt and LUKS encrypted volumes

**NB: Run as root.**

#### But make sure you read the man pages and other online docs about LUKS
* man cryptsetup (or cryptsetup --help)
* man dmsetup

#### TODO
1. Support for multiple user keys
2. Remote unlocking of LUKS encrypted LVM
3. ZSH completion
4. [ Include other user requests here ]

### Read..

The LUKS website at http://code.google.com/p/cryptsetup/

The cryptsetup FAQ, contained in the distribution package and online at http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

The cryptsetup mailing list and list archive, see FAQ entry 1.6.

The LUKS on-disk format specification available at http://code.google.com/p/cryptsetup/wiki/Specification

--------------------------------------------------------------------------------
/luks-ops.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Bash script for managing LUKS volumes in Linux:
# You can create a virtual encrypted Linux FS volume from a file block.
# Helps you mount and unmount LUKS partitions.
# Author: John Troon


################################################################################
# Variables
constant="luks_"
cryptdev=$(tr -dc "[:lower:]" < /dev/urandom | head -c 8)
logs=$(tr -dc "[:lower:]" < /dev/urandom | head -c 4)
temp_name="$constant$logs"
now=$(date +"-%b-%d-%y-%H%M%S")


####### Some Color variables for "secsyness"

# colors for errors and warnings
red=$(tput setab 0; tput setaf 1)
yellow=$(tput setab 0; tput setaf 3)
none=$(tput sgr0)

# colors for messages
green="\033[32m"
blue="\033[34m"
normal="\033[0m"

################################################################################
## PREPS

# Print out intro banner
function intro(){
    echo -e "$yellow =========================================================$none"
    echo -e "$green \tLUKS-OPs for basic LUKS operations in Linux. $normal"
    echo -e "$green \t\tBeta Version $normal"
    echo -e "$yellow =========================================================$none"
}

# Check if the required applications are installed.
# Report on stderr: no log file has been set up at this point in the script.
type -P dmsetup &>/dev/null || { echo -e "$red dmsetup is not installed. Damn! $none" >&2; exit 1; }
type -P cryptsetup &>/dev/null || { echo -e "$red cryptsetup is not installed. Damn! $none" >&2; exit 1; }

# Confirm if user is root
if [ "$UID" -ne 0 ]; then
    echo -e "$red User not root! Please run as root. $none"
    exit 1;
fi

clear

# Variable that requires super-user to be set
loopdev=$(losetup -f)


##### SECTION: FUNCTIONS

############################### a) choose_disk
# Get the disk to format from the user. Keep asking until something is entered.
function choose_disk(){
    read -r -p "Enter USB/Removable Disk to Format (e.g. /dev/sdx) : " disk
    while [[ -z $disk ]]; do
        read -r -p "You must enter a USB/Removable Disk to Format: " disk
    done
}



################################ b) confirm_disk
# Confirm if the Disk is correctly SET
function confirm_disk(){
    read -r -p "Are you sure you want to use $disk ? YES/NO : " confirm
    while [[ -z $confirm ]]; do
        read -r -p "Please confirm with 'YES' or deny with 'NO': " confirm
    done

    if [ "$confirm" == 'YES' ]; then
        echo -e "$red \n We are going to use $disk \n $normal"

    elif [ "$confirm" == 'NO' ]; then
        echo -e "$red \n Please select another DISK to use... \n $normal"
        # A newly chosen disk must be checked and confirmed as well,
        # otherwise it would be formatted without confirmation.
        choose_disk
        check_disk
        confirm_disk

    else
        confirm_disk

    fi

}


################################ c) check_disk
# Check if the selected disk exists.
function check_disk(){
    while [ ! -e "$disk" ]; do
        echo -e "$red Disk selected is not available! ($disk) $none"
        echo -e "$yellow Please use another Disk $none"
        choose_disk
        confirm_disk

    done
}

############################################################################## 1) Clean
## Function that tries to clean up LUKS setup that failed to mount
function Clean(){
    # Close every device-mapper mapping and detach every loop device.
    # NOTE: this is system-wide; it also touches mappings and loop devices
    # that were not created by this script.
    dmsetup ls | cut -d$'\t' -f 1 | xargs -I % cryptsetup luksClose % >> "$LOGFILE" 2>&1
    losetup -a | grep loop | cut -d':' -f 1 | xargs -I % losetup -d % >> "$LOGFILE" 2>&1

    echo -e "$yellow Log File : $LOGFILE $none"
    exit 1;
}

############################################################################## 2) New_volume
# Function to create a new encrypted virtual Linux FS volume with LUKS
function New_volume(){

    # Variables for New_volume()
    Mapper="/dev/mapper/$cryptdev"
    node="/media/$temp_name"

    # Get Size of the volume to create.
    # Default is 512 MB
    read -r -p "Enter size (MB) of the virtual volume to create [default 512] : " size
    size=${size:-512}

    # Exit if Size of Volume is invalid.
    if [[ ! "$size" =~ [0-9] ]]; then
        echo -e "$red invalid size number! $none"
        exit 1;
    else
        # Keep only the digits of what was entered
        size=$(echo "$size" | tr -dc 0-9)
        echo -e "$green $blue $size MB $normal is set as your default virtual disk capacity. (Numbers Only) \n $normal"
    fi

    # Get the volume label from the user. If not set, a random one is used.
    read -r -p "Enter label for the Volume to create [default LUKS_randomString] : " name
    name=${name:-$temp_name}

    # Remove special chars from name
    name=$(echo "$name" | tr -dc a-zA-Z)

    # Exit if nothing is left after sanitizing (the file would be "/usr/" itself).
    if [[ -z "$name" ]]; then
        echo -e "$red The label must contain at least one letter! $none"
        exit 1;
    fi

    # Exit if file already exists.
    if [ -f "/usr/$name" ]; then
        echo -e "$red A File named $name is already available! (/usr/$name) $none"
        echo -e "$yellow Please use another label or delete the existing file$none"
        exit 1;
    else

        # Print the sanitized Label for the volume
        echo -e "$green $blue $name $normal is set as your default virtual disk name. (No special chars). \n $normal"
    fi

    # Just keeping the user patient :)
    echo -e "$yellow Keep calm.. Creating File Block. This might take time depending on the size & your machine! \n $none"

    # Create a file-block
    base="/usr/$name"
    dd if=/dev/zero of="$base" bs=1M count="$size" >> "$LOGFILE" 2>&1
    echo -e "$green \nDone creating the block file $name in /usr/ directory. \n $normal"

    # Create a block device from the file-block.
    losetup "$loopdev" "/usr/$name" >> "$LOGFILE" 2>&1

    # variables for testing losetup (loop-device setup)
    confirm_lo=$(losetup -a | grep "$loopdev" | grep -o -P '(?<=\().*(?=\))')
    confirm_final=${confirm_lo##*/}
    match="$name"

    # Test if losetup is fine before we continue execution
    if [[ "$confirm_final" != "$match" ]]; then
        echo -e "$red There was a problem setting up LUKS.. Try $0 new device-name device-size. \n $none"
        echo -e "$yellow Check Log file $LOGFILE $none"
        rm "$base" >> "$LOGFILE" 2>&1

        # Uncomment For Debugging Only
        #echo "confirm Loop Back is $confirm_final"
        #echo "confirm Match is $match"

        Clean
        exit 1;
    fi

    # Select a full cipher/mode/iv specification to use. Default is aes-xts-plain64
    echo -e "$green ################################################ $normal"
    echo -e "$blue Select a full cipher/mode/iv specification to use $normal"

    a="AES-CBC-ESSIV:SHA256"
    b="AES-XTS-PLAIN64"
    c="Twofish-ECB"
    d="SERPENT-CBC-PLAIN"
    e="CUSTOM"

    echo -e "$yellow 1)$a 2)$b 3)$c 4)$d 5)$e $none"

    read -r full_spec
    full_spec=${full_spec:-2}

    # Use the selected cipher to luksFormat the created Loop-device.
    # The case numbers must match the menu printed above.
    # Options 3 and 4 are weak modes: ECB leaks repeated plaintext blocks and
    # cbc-plain uses predictable IVs. Prefer option 2 (the default).
    case $full_spec in
        1)  cryptsetup luksFormat -c aes-cbc-essiv:sha256 "$loopdev"
            ;;
        2)  cryptsetup luksFormat -c aes-xts-plain64 "$loopdev"
            ;;
        3)  cryptsetup luksFormat -c twofish-ecb "$loopdev"
            ;;
        4)  cryptsetup luksFormat -c serpent-cbc-plain "$loopdev"
            ;;
        5)  read -r -p "Specify a full cipher/mode/iv to use: " custom
            # Fall back to the default cipher if nothing was entered
            if [[ -z "$custom" ]]; then
                echo -e "$red \nNothing entered.. Using default cipher..\n $none"
                custom="aes-xts-plain64"
            fi
            cryptsetup luksFormat -c "$custom" "$loopdev"
            ;;
        *)  echo -e "$red Bad option! Throw your computer in a tub full of water! \n $none"
            exit 1;
            ;;
    esac

    # Setup/open Loop-Device
    cryptsetup luksOpen "$loopdev" "$cryptdev" >> "$LOGFILE" 2>&1

    # variable used below in testing luksOpen status
    confirm_crypt=$(dmsetup ls | cut -d$'\t' -f 1 | grep "$cryptdev")

    # test if luksOpen was successful before proceeding
    if [[ "$confirm_crypt" != "$cryptdev" ]]; then
        echo -e "$red There was a problem setting up LUKS.. Check Log file $LOGFILE . $none"
        echo -e "$yellow Password did not Match or If you entered lower-case yes use YES next time.\n $none"
        # Detach the loop device before deleting its backing file
        losetup -d "$loopdev" >> "$LOGFILE" 2>&1
        rm "$base" >> "$LOGFILE" 2>&1
        #uncomment for debugging only
        #echo "CryptDevice = "$cryptdev
        #echo "Matching cryptdev = "$confirm_crypt
        exit 1;
    fi

    # Show possible setups in the system (if empty, then it's an error! We should have at least one by now.)
    echo -e "$green \nList of dmsetup current on your system... $normal"
    dmsetup ls

    # Section: Create a file system
    echo

    # File-System menu
    a="Ext3"
    b="Ext4"
    c="BtrFS"
    d="BFS"
    e="NTFS"
    f="vFAT"
    g="OTHER"



    echo -e "$green Select File system to use e.g 2 :\n $normal"
    echo -e "$yellow 1)$a\t\n 2)$b\t\n 3)$c\t\n 4)$d\t\n 5)$e\t\n 6)$f\t\n 7)$g $none"

    # Get user option, if no selection made, default is Ext4.
269 | read option 270 | while [[ -z "$option" ]]; do 271 | option=2 272 | done 273 | 274 | # Use option selected to create a file-system (default is ext4, option 2) 275 | case "$option" in 276 | 1) mkfs.ext3 -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 277 | ;; 278 | 2) mkfs.ext4 -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 279 | ;; 280 | 3) mkfs.btrfs -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 281 | ;; 282 | 4) mkfs.bfs -V "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 283 | ;; 284 | 5) mkfs.ntfs -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 285 | ;; 286 | 6) mkfs.vfat -n "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 287 | ;; 288 | 7) read -p "Specify file system to use: " fileSys 289 | mkfs."$fileSys" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 290 | ;; 291 | *) echo -e "$red No match found! Your are not serious /0\ \n $none" 292 | Clean 293 | exit 1; 294 | ;; 295 | esac 296 | 297 | # Print Stats/Details 298 | echo -e "$yellow Disk-Name:\t $name\n Path:\t\t /usr/$name\n Loop-Device:\t $loopdev\n Mapper:\t $Mapper\n Mount point:\t $node\n $none" 299 | 300 | # mount volume 301 | mkdir "$node" >> "$LOGFILE" 2>&1 302 | mount "/dev/mapper/$cryptdev" "$node" >> "$LOGFILE" 2>&1 303 | 304 | # This Line might not work in some Linux systems! 305 | chown -HR "$SUDO_USER" "$node" >> "$LOGFILE" 2>&1 306 | 307 | # Done 308 | echo -e "$yellow You can delete $node after use. \n $none" 309 | echo -e "$yellow Log File : $LOGFILE $none" 310 | exit 1; 311 | } 312 | 313 | 314 | ############################################################################## 3) USB_volume 315 | # Function to Setup a new USB/Removable volume with LUKS 316 | 317 | function USB_volume(){ 318 | 319 | #Function's Variables 320 | Mapper="/dev/mapper/$cryptdev" 321 | node="/media/$temp_name" 322 | 323 | 324 | # Get list of all available disks to we can use. 
325 | echo -e "$green Probing for all the Disks available in the System: \n $normal" 326 | lshw -class disk | grep "logical name" 327 | 328 | # Warning, wrong disk selections is equal to disaster! 329 | echo -e "$red \n WARNING!: Please CHOOSE the correct disk, using a wrong disk drive WILL destroy your data! \n $normal" 330 | 331 | # Call function to select Disk to use 332 | choose_disk 333 | 334 | # Call function to check if Disk Exist 335 | check_disk 336 | 337 | # Call function to confirm the selects Disk to use 338 | confirm_disk 339 | 340 | # Last Warning! 341 | echo -e "$red \n WARNING!: Make sure you've a backup of the Disk you've selected. : $disk \n $normal" 342 | 343 | # Unmount any mounted partitions of the selected Disk 344 | for n in "$disk""*" ; do umount $n ; done 345 | 346 | # TO-DO: Prepare the Removable device 347 | #base="/usr/$name" 348 | #dd if=/dev/zero of="$base" bs=1M count="$size" >> "$LOGFILE" 2>&1 349 | #echo -e "$green \nDone creating the block file $name in /usr/ directory. \n $normal" 350 | 351 | # create a primary partition on the disk using fdisk 352 | (echo o; echo n; echo p; echo 1; echo ; echo; echo w) | fdisk $disk 353 | 354 | # Check if the partition was created. 355 | disk2="$disk""1" 356 | if [ -z $disk2 ]; then 357 | echo -e "$red I can't confirm if the Removable Storage device was partitioned $none" 358 | echo -e "$yellow Please confirm if $disk2 exist $none" 359 | exit 1; 360 | fi 361 | 362 | 363 | # Select a full cipher/mode/iv specification to use. 
Default is aes-xts-plain64 364 | echo -e "$green ################################################ $normal" 365 | echo -e "$blue Select a full cipher/mode/iv specification to use $normal" 366 | a="AES-CBC-ESSIV:SHA256" 367 | b="AES-XTS-PLAIN64" 368 | c="Twofish-ECB" 369 | d="SERPENT-CBC-PLAIN" 370 | e="CUSTOM" 371 | 372 | echo -e "$yellow 1)$a 2)$b 3)$c 4)$d 5)$e $none" 373 | 374 | read full_spec 375 | while [[ -z "$full_spec" ]]; do 376 | full_spec=2 377 | done 378 | 379 | # Use the selected cipher to luksformat the created Loop-device 380 | case $full_spec in 381 | 1) cryptsetup --verify-passphrase luksFormat -c aes-cbc-essiv:sha256 "$disk2" 382 | ;; 383 | 2) cryptsetup --verify-passphrase luksFormat -c aes-xts-plain64 "$disk2" 384 | ;; 385 | 3) cryptsetup --verify-passphrase luksFormat -c serpent-cbc-plain "$disk2" 386 | ;; 387 | 4) cryptsetup --verify-passphrase luksFormat -c twofish-ecb "$disk2" 388 | ;; 389 | 5) read -p "Specify full cipher/mode/iv to use: " custom 390 | while [[ -z "$custom" ]]; do 391 | echo -e "$red \nNothing entered.. Using default cipher..\n $none" 392 | cryptsetup --verify-passphrase luksFormat -c aes-xts-plain64 "$disk2" 393 | done 394 | cryptsetup --verify-passphrase luksFormat -c "$custom" "$disk2" 395 | ;; 396 | *) echo -e "$red Bad option! Slap your face.. \n $none" 397 | exit 1; 398 | ;; 399 | esac 400 | 401 | # Setup Loop-Device 402 | cryptsetup luksOpen "$disk2" "$cryptdev" >> "$LOGFILE" 2>&1 403 | 404 | # variable to test luksopen status 405 | confirm_crypt=$(dmsetup ls | cut -d$'\t' -f 1 | grep "$cryptdev") 406 | 407 | # test if luksopen was successful before proceeding 408 | if [[ "$confirm_crypt" != "$cryptdev" ]]; then 409 | echo -e "$red There was a problem setting up LUKS.. Check Log file $LOGFILE . 
$none" 410 | echo -e "$yellow Password did not Match or If you entered lower-case yes use YES next time.\n $none" 411 | rm "$base" >> "$LOGFILE" 2>&1 412 | 413 | #uncomment while debugging only 414 | #echo "CryptDevice = "$cryptdev 415 | #echo "Matching cryptdev = "$confirm_cryp 416 | 417 | exit 1; 418 | fi 419 | 420 | # Show possible setups in the system (We should have at least one by now) 421 | echo -e "$green \nList of dmsetup current on your system... $normal" 422 | dmsetup ls 423 | 424 | # Section: Create a file system 425 | echo 426 | 427 | 428 | # File-System menu 429 | a="Ext3" 430 | b="Ext4" 431 | c="BtrFS" 432 | d="BFS" 433 | e="NTFS" 434 | f="vFAT" 435 | g="OTHER" 436 | 437 | echo -e "$green Select File system to use e.g 2 :\n $normal" 438 | echo -e "$yellow 1)$a\t\n 2)$b\t\n 3)$c\t\n 4)$d\t\n 5)$e\t\n 6)$f\t\n 7)$g $none" 439 | 440 | read option 441 | while [[ -z "$option" ]]; do 442 | option=6 443 | done 444 | 445 | # Use option selected to make file-system (default is ext4, option 2) 446 | case "$option" in 447 | 1) mkfs.ext3 -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 448 | ;; 449 | 2) mkfs.ext4 -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 450 | ;; 451 | 3) mkfs.btrfs -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 452 | ;; 453 | 4) mkfs.bfs -V "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 454 | ;; 455 | 5) mkfs.ntfs -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 456 | ;; 457 | 6) mkfs.vfat -n "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 458 | ;; 459 | 7) read -p "Specify file system to use: " fileSys 460 | mkfs."$fileSys" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 461 | ;; 462 | *) echo -e "$red No match found! You are kidding right? 
\n $none" 463 | Clean 464 | exit 1; 465 | ;; 466 | esac 467 | 468 | # Print Stats/Details 469 | echo -e "$yellow Disk-Name:\t $disk\n Partition:\t $disk2\n Mapper:\t $Mapper\n Mount point:\t $node\n $none" 470 | 471 | # mount volume 472 | mkdir "$node" >> "$LOGFILE" 2>&1 473 | mount "/dev/mapper/$cryptdev" "$node" >> "$LOGFILE" 2>&1 474 | 475 | chown -HR "$SUDO_USER" "$node" >> "$LOGFILE" 2>&1 476 | echo -e "$yellow You can delete $node after use.\n $none" 477 | 478 | # Done 479 | echo -e "$yellow Log File : $LOGFILE $none" 480 | exit 1; 481 | } 482 | 483 | 484 | ############################################################################## 4) Mount_LUKSVolume 485 | #Function to mount an Existing Encrypted LUKS volume 486 | 487 | function Mount_LUKSVolume(){ 488 | 489 | # Temporary mount point 490 | node="/media/$temp_name" 491 | 492 | # Get access to the LUKS volume 493 | read -p "Enter Full Path to the LUKS Volume: " volume 494 | while [[ -z "$volume" ]]; do 495 | read -p "Please Enter Full Path to the LUKS Volume: " volume 496 | done 497 | 498 | # Check if Path to LUKS volume exist 499 | if [ ! -f "$volume" ]; then 500 | echo -e "$red LUKS Volume:$volume entered is not available! $none" 501 | exit 1; 502 | else 503 | echo -e "$blue $volume was selected as the Path to LUKS volume. \n $normal" 504 | fi 505 | 506 | # Variable used to check if the volume is already mounted 507 | Disk_Path=$(losetup -a | grep $volume | grep -o -P '(?<=\().*(?=\))') 508 | 509 | # Check if the volume is already mounted 510 | if [[ $volume == $Disk_Path ]]; then 511 | echo -e "$red Disk $volume is already mounted!.. If you are not using any LUKS device do either:$none" 512 | echo -e "$green 1. $0 unmount-all$normal $blue (After using disks or fatal/unknown error) $normal" 513 | echo -e "$green 2. 
$0 clean $normal $blue (after a failed setup) $normal" 514 | exit 1; 515 | fi 516 | 517 | # Get mount-point to use or use a temporary one 518 | read -p "Enter a mount point [default /media/random_name] " mount_point 519 | while [[ -z "$mount_point" ]]; do 520 | mkdir "$node" >> "$LOGFILE" 2>&1 521 | mount_point="$node" 522 | done 523 | 524 | # Check if the entered Mount-point exist 525 | if [ ! -d "$mount_point" ]; then 526 | echo -e "$red Mount Point:$mount_point entered is not available! $none" 527 | exit 1; 528 | else 529 | echo -e "$blue $mount_point is selected as the Mount Point. \n $normal" 530 | fi 531 | 532 | 533 | # setup Loop-Device and Open LUKS volume with a random name 534 | losetup "$loopdev" "$volume" >> "$LOGFILE" 2>&1 535 | cryptsetup luksOpen "$loopdev" "$cryptdev" >> "$LOGFILE" 2>&1 536 | 537 | # Mount volume with rw permission 538 | mount "/dev/mapper/$cryptdev" -rw "$node" >> "$LOGFILE" 2>&1 539 | chown -HR "$SUDO_USER" "$node" >> "$LOGFILE" 2>&1 540 | 541 | # Done! 542 | echo -e "$yellow \nYou can delete $node after use. \n $none" 543 | echo -e "$yellow Log File : $LOGFILE $none" 544 | 545 | exit 1; 546 | } 547 | 548 | ############################################################################## 5) Unmount_LUKSVolume 549 | # Function to Unmount a luks volume 550 | 551 | function Unmount_LUKSVolume(){ 552 | 553 | # Print a list of all the possible mounted LUKS devices in the system, 554 | echo -e "\n $blue List of mount points of current mounted LUKS devices $normal" 555 | mount | grep /dev/mapper | cut -d" " -f 3 556 | 557 | # Print present mounted devices 558 | echo -e "\n $blue List of mounted LUKS devices $normal" 559 | 560 | Disk_Path=$(losetup -a |grep -o -P '(?<=\().*(?=\))') 561 | 562 | echo -e "$green Disk Path:\t Disk Name. $normal" 563 | 564 | for i in $Disk_Path; do 565 | echo -e " $i\t ${i##*/}" 566 | done 567 | echo 568 | 569 | # Get the volume's mount-point 570 | read -p "Enter volumes full mount point : e.g. 
/media/luks_disk: " path 571 | while [[ -z "$path" ]]; do 572 | read -p "The full mount-point of the volume to unmount is required!: " path 573 | done 574 | 575 | # Check if Mount-point for the LUKS volume exist 576 | if [ ! -d "$path" ]; then 577 | echo -e "$red Mount Point:$mount_point entered is not available! $none" 578 | exit 1; 579 | else 580 | echo -e "$blue $path is selected as the Mount Point. \n $normal" 581 | fi 582 | 583 | # Get the exact name of the virtual volume to be unmounted 584 | read -p "Enter the Disk Name to unmount: " diskName 585 | while [[ -z "$diskName" ]]; do 586 | read -p " Disk Name of the LUKS-volume is needed to unmount! : " diskName 587 | done 588 | 589 | # Check if there is any mounted file as "disk name" supplied by user 590 | 591 | if losetup -a | grep -q $diskName ; then 592 | echo -e "$blue $diskName was selected as the LUKS to unmount. \n $normal" 593 | else 594 | echo -e "$red No such disk ($diskName) is Mounted! Check again! $none" 595 | exit 1; 596 | fi 597 | 598 | # Create variables that identify parameters needed by cryptsetup & losetup to unmount 599 | map_crypt=$(mount | grep "$path" | cut -d" " -f1 | cut -d"/" -f 4) 600 | loop_dev=$(losetup -a | grep "$diskName" | cut -d ":" -f 1) 601 | 602 | # Unmount procedure 603 | umount "$path" >> "$LOGFILE" 2>&1 604 | cryptsetup luksClose "$map_crypt" >> "$LOGFILE" 2>&1 # Close mapper 605 | losetup -d "$loop_dev" >> "$LOGFILE" 2>&1 606 | 607 | echo -e "$green Volume unmounted! 
$normal" # Detach loop-device 608 | echo -e "$yellow Log File : $LOGFILE $none" 609 | # Done 610 | 611 | exit 1; 612 | } 613 | 614 | ############################################################################## 6) unmount_all_LUKS 615 | ### Function to unmount all LUKS vol 616 | function unmount_all_LUKS(){ 617 | 618 | # Substitute some commands with variables 619 | umount_all=$(mount | grep mapper | cut -d " " -f 3 | xargs -I % umount %) 620 | Close_luks=$(dmsetup ls | cut -d$'\t' -f 1 | xargs -I % cryptsetup luksClose %) 621 | lo_detach=$(losetup -a | grep loop | cut -d":" -f 1 | xargs -I % losetup -d %) 622 | 623 | # intro banner 624 | intro 625 | 626 | # Run commands in variables 627 | $umount_all >> "$LOGFILE" 2>&1 628 | $Close_luks >> "$LOGFILE" 2>&1 629 | $lo_detach >> "$LOGFILE" 2>&1 630 | 631 | # Remove all temporary created mount-points at /media/ dir 632 | rm -r /media/luks_* >> "$LOGFILE" 2>&1 633 | 634 | # Make the user feel good :) 635 | echo -e "$red All LUKS volumes Safely unmounted! \n $none" 636 | echo -e "$yellow Log File : $LOGFILE $none" 637 | exit 1; 638 | } 639 | 640 | ############################################################################## 7) Main_menu 641 | ### Function for the options menu 642 | function Main_menu(){ 643 | intro 644 | echo -e "$green Select an option to use. \n $normal" 645 | 646 | a="Create an Encrypted Virtual Volume" 647 | b="Encrypt a Removable Disk" 648 | c="Mount an Encrypted Volume" 649 | d="Unmount a LUKS Encrypted Volume" 650 | e="Unmount all LUKS Encrypted Volumes" 651 | f="Clean after LUKS Setup Failed." 652 | g="Quit" 653 | 654 | 655 | select option in "$a" "$b" "$c" "$d" "$e" "$f" "$g" 656 | do 657 | case "$option" in 658 | "$a") New_volume 659 | ;; 660 | "$b") USB_volume 661 | ;; 662 | "$c") Mount_LUKSVolume 663 | ;; 664 | "$d") Unmount_LUKSVolume 665 | ;; 666 | "$e") unmount_all_LUKS 667 | ;; 668 | "$f") Clean 669 | ;; 670 | "$g") exit 1; 671 | ;; 672 | *) echo -e "$red Option not found! 
What did you do there? $none";; 673 | esac 674 | done 675 | } 676 | 677 | ############################################################################## 8) usage() 678 | ### Help Function 679 | 680 | function usage(){ 681 | echo -e "$yellow \t++++++++++++++++++++++++++++++++++++++ $none" 682 | echo -e "$green \tHow to use LUKS-OPs. (optional) $normal" 683 | echo -e "$yellow \t++++++++++++++++++++++++++++++++++++++ $none" 684 | echo -e "$blue luksOps menu $normal" 685 | echo -e "$blue luksOps new disk_Name Size_in_numbers $normal" 686 | echo -e "$blue luksOps mount /path/to/device (mount point) $normal" 687 | echo -e "$blue luksOps unmount-all $normal" 688 | echo -e "$blue luksOps clean $normal" 689 | echo -e "$blue luksOps usage $normal \n" 690 | exit 1; 691 | } 692 | #### End of FUNCTIONS 693 | 694 | ################################################################################ 695 | 696 | 697 | # Main : Where script execution starts 698 | 699 | LOGFILE="/tmp/luks$now.log" 700 | 701 | # If running script with no arguments then get the Main Menu. 702 | if [ $# -lt 1 ]; then 703 | Main_menu 704 | fi 705 | 706 | # If running script with expected arguments(s), get served, if not get help. 707 | case "$1" in 708 | new) # Creating a new LUKS encrypted volume (args should be exactly 3; [new Label Size]) 709 | if [ $# != 3 ]; then 710 | usage 711 | fi 712 | 713 | # Print some basic default options 714 | echo -e "$red Notice: $none" 715 | echo -e "$yellow Default Cipher = aes-xts-plain64 $none" 716 | echo -e "$yellow Default File System = ext4 $none" 717 | echo -e "$green ===================================== $normal" 718 | 719 | # Test if Disk Name is set in letters only 720 | if [[ ! "$2" =~ [a-zA-Z] ]]; then 721 | echo -e "$red $2 is an invalid File Name for Disk (Use letters only) $none" 722 | exit 1; 723 | fi 724 | 725 | # Test if Disk size is set in numbers only 726 | if [[ ! "$3" =~ [0-9] ]]; then 727 | echo -e "$red $3 is an invalid size number for Block file! 
(Use numbers only) $none" 728 | exit 1; 729 | fi 730 | 731 | # Select numbers only in size 732 | size=$(echo "$3" | tr -dc 0-9) 733 | echo -e "$green $blue $size MB $normal is set as your default virtual disk capacity. (Numbers Only) \n $normal" 734 | 735 | # Remove special chars from filename 736 | name=$(echo "$2" | tr -dc a-zA-Z) 737 | 738 | # Check if file already exists. 739 | if [ -f "/usr/$name" ]; then 740 | echo -e "$red A Disk Named $name is already available! (/usr/$name) $none" 741 | echo -e "$yellow Please use another Disk Name or delete the existing file$none" 742 | exit 1; 743 | else 744 | echo -e "$green $blue $name $normal is set as your default virtual disk name. (No special chars). \n $normal" 745 | fi 746 | 747 | #Create the LUKS virtual volume 748 | base="/usr/$name" 749 | echo -e "$yellow Keep calm.. Creating File block. This might take time depending on the File size and your machine! \n $none" 750 | 751 | dd if=/dev/zero of="$base" bs=1M count="$3" >> "$LOGFILE" 2>&1 752 | echo -e "$green \nBlock file created - /usr/$name \n $normal" 753 | 754 | # Loop device setup 755 | loopdev=$(losetup -f) 756 | losetup "$loopdev" "/usr/$name" 757 | 758 | # Variable for losetup test 759 | confirm_lo=$(losetup -a | grep "$loopdev" | grep -o -P '(?<=\().*(?=\))') 760 | confirm_final=${confirm_lo##*/} 761 | 762 | # Test if losetup is fine before we continue execution 763 | if [[ "$confirm_final" != "$name" ]]; then 764 | echo -e "$red There was a problem setting up LUKS.. \n Try $0 menu and choose option 1. \n Check $LOGFILE $none" 765 | rm "$base" >> "$LOGFILE" 2>&1 766 | 767 | # For Debugs only 768 | #echo -e "$yellow Confirm Loop-device is $confirm_final\n Confirm-Match is $name \n $none" 769 | #echo -e "$green If the Loop-device is not the same as Confirm-Match... $normal $red ERROR!! 
$none" 770 | 771 | Clean 772 | exit 1; 773 | fi 774 | 775 | # LUKS format with default cipher 776 | cryptsetup luksFormat -c aes-xts-plain64 "$loopdev" 777 | echo 778 | 779 | # Open LUKS with a random name 780 | cryptdev=$(cat < /dev/urandom | tr -dc "[:lower:]" | head -c 8) 781 | cryptsetup luksOpen "$loopdev" "$cryptdev" >> "$LOGFILE" 2>&1 782 | echo 783 | 784 | # Variable to used below to test for luksopen command status 785 | confirm_crypt=$(dmsetup ls | cut -d$'\t' -f 1 | grep "$cryptdev") 786 | 787 | # Testing luksopen command worked fine before proceeding 788 | if [[ "$confirm_crypt" != "$cryptdev" ]]; then 789 | echo -e "$red There was a problem setting up LUKS.. Check $LOGFILE . $none" 790 | echo -e "$yellow Password did not Match or If you entered lower-case yes use YES next time.\n $none" 791 | rm "$base" >> "$LOGFILE" 2>&1 792 | 793 | #For debugs 794 | #echo -e "$yellow CryptDevice = $cryptdev \n Matching-cryptdev = $confirm_cryp \n $none" 795 | #echo -e "$red ERROR! $none $green If CryptDevice is not equal to Matching-cryptdev.. $normal" 796 | 797 | exit 1; 798 | fi 799 | 800 | # Create default File System (ext4) 801 | echo -e "$yellow Creating File-System...... $none" 802 | mkfs.ext4 -L "$name" "/dev/mapper/$cryptdev" >> "$LOGFILE" 2>&1 803 | 804 | echo -e "$green \n MOUNT : yes/no \n $normal" 805 | 806 | # Mount the volume if the user accepts 807 | read -p "LUKS Virtual disk created, mount it? yes/no :" mount_new 808 | if [ "$mount_new" == "yes" ]; then 809 | mkdir "/media/$temp_name" >> "$LOGFILE" 2>&1 810 | mount "/dev/mapper/$cryptdev" "/media/$temp_name" >> "$LOGFILE" 2>&1 811 | 812 | chown -HR "$SUDO_USER" "/media/$temp_name" >> "$LOGFILE" 2>&1 813 | echo -e "$green You can delete /media/$temp_name after use. \n $normal" 814 | else 815 | echo -e "$red Closing... 
$none" 816 | fi 817 | 818 | # print stats and exit 819 | _Path="/usr/$name" 820 | _Mapper="/dev/mapper/$cryptdev" 821 | 822 | echo -e "$yellow Disk-Name: \t $name \n Path: \t\t $_Path \n Loop-Device: \t $loopdev \n Mapper: \t $_Mapper \n $none" 823 | echo -e "$green Log file : $LOGFILE \n $normal" 824 | 825 | exit 1; 826 | ;; 827 | mount) # Mounting a LUKS volume (args shouldn't be less than 2; mount and mount-point). 828 | if [ $# -lt 2 ]; then 829 | usage 830 | fi 831 | 832 | # Test if disk to be mounted is present 833 | if [ ! -f "$2" ]; then 834 | echo -e "$red $2 - Disk to be mounted is not available! $none" 835 | exit 1; 836 | fi 837 | 838 | # Check if custom mount-point is supplied by user. 839 | if [ $# -eq 3 ]; then 840 | mount_point="$3" 841 | if [ ! -d "$3" ]; then 842 | echo -e "$red Mount-point:$3 entered is not available! $none" 843 | exit 1; 844 | fi 845 | else 846 | mkdir "/media/$temp_name" >> "$LOGFILE" 2>&1 # If no custom mount-point use default one. 847 | mount_point="/media/$temp_name" 848 | fi 849 | 850 | # Check if disk supplied is already mounted 851 | Disk_Path=$(losetup -a | grep $2 | grep -o -P '(?<=\().*(?=\))') 852 | 853 | if [[ $2 == $Disk_Path ]]; then 854 | echo -e "$red Disk $2 is already mounted!.. If you are not using any LUKS encrypted device do either:$none" 855 | echo -e "$green 1. $0 unmount-all$normal $blue (After using disks or fatal/unknown error) or $normal" 856 | echo -e "$green 2. 
$0 clean $normal $blue (after a failed setup) $normal" 857 | exit 1; 858 | fi 859 | 860 | # Setup Loop-Device and open LUKS with random name 861 | losetup "$loopdev" "$2" >> "$LOGFILE" 2>&1 862 | cryptsetup luksOpen "$loopdev" "$cryptdev" >> "$LOGFILE" 2>&1 863 | 864 | # Mount the volume and enable rw for other sudo user 865 | mount "/dev/mapper/$cryptdev" -rw "$mount_point" >> "$LOGFILE" 2>&1 && echo -e "$yellow LUKS Virtual disk mounted $none" 866 | chown -HR "$SUDO_USER" "$mount_point" >> "$LOGFILE" 2>&1 867 | 868 | # Print Stats 869 | echo -e "$yellow Mounted at:\t $mount_point\n Disk-Path:\t $2\n Loop-Device:\t $loopdev\n Mapper:\t /dev/mapper/$cryptdev\n $none" 870 | echo -e "$yellow NB: You can delete $mount_point after use. $none" 871 | echo -e "$green Log file : $LOGFILE \n $normal" 872 | 873 | # Done! 874 | exit 1; 875 | ;; 876 | 877 | unmount-all) # Unmount all present LUKS Encrypted volumes on the System (only 1 arg accepted) 878 | if [ $# -eq 1 ]; then 879 | unmount_all_LUKS 880 | else 881 | usage 882 | fi 883 | ;; 884 | 885 | clean) # Clean setups after a fail before proceeding. (only 1 arg accepted) 886 | if [ $# -eq 1 ]; then 887 | Clean 888 | else 889 | usage 890 | fi 891 | ;; 892 | 893 | menu) # Get option menu if arguments are not more than one. (only 1 arg accepted) 894 | if [ $# -eq 1 ]; then 895 | Main_menu 896 | else 897 | usage 898 | fi 899 | ;; 900 | 901 | help) # (usage func) Print help message and exit 902 | usage 903 | ;; 904 | *) echo -e "$red Oops! I did not get what you did there.. $none" # (usage func) Print help message and exit 905 | usage 906 | ;; 907 | esac 908 | --------------------------------------------------------------------------------