Georg/luksrku
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix <pre> areas in markdown

Browse Source
This commit is contained in:
Johannes Bauer 2016-09-24 11:23:38 +02:00
parent 4627410580
commit f82cb5dbf7
1 changed files with 31 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
README.md
View File

@ -77,34 +77,38 @@ can do:
1. Build >=OpenSSL-1.1.0 (e.g., using the provided ./build_openssl command) 1. Build >=OpenSSL-1.1.0 (e.g., using the provided ./build_openssl command)
2. Build and install luksrku: make && sudo make install 2. Build and install luksrku: make && sudo make install
3. Generate the keyfiles. For this we use the provided gen_config script: 3. Generate the keyfiles. For this we use the provided gen_config script:
```
Disk UUID : 952ebed9-5256-4b4c-9de5-7f8829b4a74a
Disk name : crypt-root
Suggestion: TDFV6Z6XyDQ52ASswVFSEl8mrVfnH9F5b
Passphrase:
Disk UUID : ```bash
# server.txt Disk UUID : 952ebed9-5256-4b4c-9de5-7f8829b4a74a
# Host UUID Host PSK Disk UUIDs Disk name : crypt-root
d66f96fc-7056-46e1-aea6-0f3d705cd3bc d94f3fc6c3507123bda4034dd8c865a1b4cf9870bda50e9ed9f861621d581017 952ebed9-5256-4b4c-9de5-7f8829b4a74a=crypt-root Suggestion: TDFV6Z6XyDQ52ASswVFSEl8mrVfnH9F5b
Passphrase:
Disk UUID :
# server.txt
# Host UUID Host PSK Disk UUIDs
d66f96fc-7056-46e1-aea6-0f3d705cd3bc d94f3fc6c3507123bda4034dd8c865a1b4cf9870bda50e9ed9f861621d581017 952ebed9-5256-4b4c-9de5-7f8829b4a74a=crypt-root
# client.txt
# Host UUID Host PSK Disk UUIDs
d66f96fc-7056-46e1-aea6-0f3d705cd3bc d94f3fc6c3507123bda4034dd8c865a1b4cf9870bda50e9ed9f861621d581017 952ebed9-5256-4b4c-9de5-7f8829b4a74a=54444656365a3658794451353241537377564653456c386d7256666e4839463562
```
# client.txt
# Host UUID Host PSK Disk UUIDs
d66f96fc-7056-46e1-aea6-0f3d705cd3bc d94f3fc6c3507123bda4034dd8c865a1b4cf9870bda50e9ed9f861621d581017 952ebed9-5256-4b4c-9de5-7f8829b4a74a=54444656365a3658794451353241537377564653456c386d7256666e4839463562
```
We follow the suggested passphrase, which should contain 192 bits of entropy. We follow the suggested passphrase, which should contain 192 bits of entropy.
4. We use cryptsetup luksAddKey to add the suggested passphrase to the LUKS 4. We use cryptsetup luksAddKey to add the suggested passphrase to the LUKS
keyring of the server. keyring of the server.
5. The config script has given suggestions for server.txt and client.txt. We 5. The config script has given suggestions for server.txt and client.txt. We
copy the respective contents into the files. copy the respective contents into the files.
6. Then we create the server binary config: 6. Then we create the server binary config:
```
$ luksrku-config server server.txt server.bin ```bash
Successfully read key file with 1 entries. $ luksrku-config server server.txt server.bin
$ luksrku-config client client.txt client.bin Successfully read key file with 1 entries.
Successfully read key file with 1 entries. $ luksrku-config client client.txt client.bin
Passphrase to encrypt keyfile: Successfully read key file with 1 entries.
``` Passphrase to encrypt keyfile:
```
Now we'll have a server.bin and password-protected client.bin. Now we'll have a server.bin and password-protected client.bin.
7. On the server machine (i.e., the one with the LUKS disk) we copy 7. On the server machine (i.e., the one with the LUKS disk) we copy
server.bin to /etc/luksrku-server.bin. server.bin to /etc/luksrku-server.bin.
@ -120,9 +124,10 @@ can do:
will now broadcast UDP packets onto the network indicating its presence. will now broadcast UDP packets onto the network indicating its presence.
These packets will be sent to UDP port 23170. These packets will be sent to UDP port 23170.
12. On the client, start the client to unlock the server's key: 12. On the client, start the client to unlock the server's key:
```
$ luksrku --client-mode -k client.bin ```
Keyfile password: $ luksrku --client-mode -k client.bin
``` Keyfile password:
```