Trying to use cryptsetup in terminal to create encrypted partitions. zulucrypt won't work
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You gave a lot of options, but never specified an action, and you said what device to use, but never what name to create. Since "--use-random" is specific to LUKS devices, I presume that is what you are trying to create.
Sorry, I got a bit confused. "cryptsetup luksFormat" doesn't take a name for the device to create. That doesn't happen until later when you run "cryptsetup open ...". Try again without that argument:
i feel using cryptsetup will be more secure that relying on zulucrypt gui because there might be weaknesses in zulucrypts implementation.
i am using unbuntu 16.04 lts 64bit using ZULUCRYPT version 4.7.7
Hi,founder and current maintainer of zuluCrypt here.
zuluCrypt is just a fancy GUI frontend to cryptsetup and it does not do anything by itself,it just takes your input and passes them to cryptsetup.
You can easily check if zuluCrypt screwed up anything by later on checking properties of the volume you have created with cryptsetup(using cryptsetup luksDump).
iteration count of 5000 is simply too small,the minimum recommended these days is 10,000 and cryptsetup will default to use a value that will take about a second to unlock a volume(my local test here says thats 21500 iterations and i double it will be less that 5000 on your computer).
It makes no sense to not use zuluCrypt because of concerns that it might create a less than secured volume and followed it up with manually creating a volume with such an insecure property.
Creating a volume manually is a 4 step process.
1. You create a volume using cryptsetup luksFormat
2. You unlock a volume using cryptsetup LuksOpen
3. You create a file system on the volume through the opened mapper
4. You close the volume with cryptsetup luksClose
mhogomchungu don't send me a prewritten response I authenticate with sudo password when i open zulucrypt so why when i try to create a container does it say i am not root and permission denied???
mhogomchungu don't send me a prewritten response I authenticate with sudo password when i open zulucrypt so why when i try to create a container does it say i am not root and permission denied???
you are using version 4.7.7,the latest version is 5.0.2 with 5.1.0 to be released on the first of next month. The version you are using is 6 versions behind!!!
You are running zuluCrypt in what it calls "mixed mode",this is when GUI components runs privileged but they serve a normal user. You are getting rejected because as a normal user,you are not allowed to do what you want to do(You cant do destructive operations on what zuluCrypt calls "system device").
To truly run zuluCrypt-gui with root's privileges,open the terminal and run "sudo zuluCrypt-gui",what you were doing is running "sudo zuluCrypt-gui -K $UID",the -K $UID argument is what triggers the mode the option resolved to your normal user account user id.
The version of zuluCrypt you are using is too old,update to the latest version(the packages i provide on the project main page gives better experience).
My previous comment and this one are not pre written and they take considerable amount of time to type,in this comment for example,i had to download,build and test zuluCrypt 4.7.7 to see if i can reproduce the behavior you described and in my previous comment,i had to open the terminal,log in to root and run a bunch of cryptsetup commands to confirm those steps i mentioned.
Mhogomchungu thanks for your prompt and lengthy response. I very much appreciate itWhat I did was click on the icon for zulucrypt then the system, prompted me to put my password in.
I will upgrade to latest version then sudo zulucrypt-GUI and see if it works.
RK I will also try your fix for doing it in cryptsetup.
Thanks I will try these in the morning and post the results!
Things will fail with zuluCrypt when they fail with cryptsetup.
Like what the error says,your device is still in use,stop using them and try again.
Two possible reasons of why they are in use.
1. They have a file system and the file system is mounted.
2. They are used by lvm or mdraid systems.
3. You already have an opened mapper.
If you are up to it,you can give me access to your computer through teamviewer and i will sort things out myself. You will see observing everything i do so there will be no surprises as far as your computer integrity is concerned.
I occasionally offer this support to those who have difficulties in installing/using zuluCrypt. If you are up to it,send me an email at mhogomchungu@gmail.com and we will discuss details.
Last edited by mhogomchungu; 12-30-2016 at 11:51 AM.
Mhogomchungu that is very gracious of you to offer your personal assistance to me remotely through team viewer but I must decline. What I am going to do is a clean install of a Linux distribution and try sirikali on it! Maybe SUSE LEAP.
RK -- I will try your suggestions definitely want to learn how to do this from the command line. I am really trying
To lean towards the terminal to do things in Linux
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.