# cryptsetup luksChangeKey /dev/vda5
Replace /dev/vda5 with your actual LUKS device. The command will ask you for the existing passphrase to replace, and then for the new passphrase for the device.
Update: The dracut configuration has been updated and now udev consistently recognizes the YubiKey in the initramfs.
Unlocking LUKS encrypted drives with a YubiKey has been supported since systemd 248. In Debian, systemd>=250 is required, as the feature has not been enabled in prior versions. This tutorial is geared towards YubiKeys, but it should work, with slight modifications, with any other FIDO2 token.
YubiKey series 5 and later should support the hmac-secret extension. You can make sure your YubiKey supports the needed hmac-secret extension by querying it with ykman:
$ ykman --diagnose 2>&1 | grep hmac-secret
In case you mess anything up, you would need a backup of your LUKS header. Remember to save your backup to some external storage, so you can actually access it if anything goes sideways.
# cryptsetup luksHeaderBackup /dev/nvme0n1p3 --header-backup-file /media/guyru/E474-2D80/luks_backup.bin
We would like to set a FIDO2 PIN for the YubiKey, so unlocking the encrypted drive would require both the physical YubiKey and the PIN. You can set the PIN using:
$ ykman fido access change-pin
Start by verifying that systemd-cryptenroll can see and can use your YubiKey:
$ systemd-cryptenroll --fido2-device=list
PATH MANUFACTURER PRODUCT
/dev/hidraw0 Yubico YubiKey FIDO+CCID
Now, enroll the YubiKey, replacing /dev/nvme0n1p3 with the block device of the LUKS encrypted drive.
$ sudo systemd-cryptenroll /dev/nvme0n1p3 --fido2-device=auto --fido2-with-client-pin=yes
🔐 Please enter current passphrase for disk /dev/nvme0n1p3: (no echo)
Initializing FIDO2 credential on security token.
👆 (Hint: This might require confirmation of user presence on security token.)
🔐 Please enter security token PIN: (no echo)
Generating secret key on FIDO2 security token.
👆 In order to allow secret key generation, please confirm presence on security token.
New FIDO2 token enrolled as key slot 0.
/etc/crypttab
We need to modify /etc/crypttab in order to tell cryptsetup to unlock the device using the YubiKey. Add fido2-device=auto in the options field of the crypttab entry for your device. For example:
nvme0n1p3_crypt UUID=307a6bef-5599-4963-8ce0-d9e999026c1a none luks,discard,fido2-device=auto
Debian’s default initramfs generator, update-initramfs from the initramfs-tools package, uses the old cryptsetup hooks for mounting encrypted drives. However, that cryptsetup doesn’t recognize the fido2-device option. Running update-initramfs will fail with the following error:
$ sudo update-initramfs -u
update-initramfs: Generating /boot/initrd.img-5.15.0-3-amd64
cryptsetup: WARNING: nvme0n1p3_crypt: ignoring unknown option 'fido2-device'
This is unfortunate. The simplest solution is to switch to dracut, a more modern initramfs generator, which among other things relies on systemd to activate encrypted volumes. This solves the issue of the unknown fido2-device option.
Before installing dracut, I would highly recommend creating a copy of the existing initramfs in the boot partition in case something goes wrong.
$ sudo apt install dracut
Dracut includes systemd-cryptsetup by default. systemd-cryptsetup depends on libfido2 for unlocking devices using FIDO2 tokens. At least in Debian, systemd-cryptsetup dynamically loads libfido2.so at runtime (as opposed to being dynamically linked against it), so dracut does not detect the dependency and leaves libfido2.so out of the initramfs. This causes systemd-cryptsetup to issue the following error upon boot:
FIDO2 tokens not supported on this build.
We fix it by manually adding libfido2.so to the initramfs. Of course, we also need to include libfido2’s dependencies. Dracut has a mechanism for automatically adding dependencies of executables, but it doesn’t work on libraries. As a workaround, instead of adding libfido2 directly, we will add an executable that depends on libfido2, which pulls libfido2 and its dependencies into the initramfs. We will use fido2-token from the fido2-tools package for this trick.
$ sudo apt install fido2-tools
$ cat << EOF | sudo tee /etc/dracut.conf.d/11-fido2.conf
## Spaces in the quotes are critical.
# install_optional_items+=" /usr/lib/x86_64-linux-gnu/libfido2.so.* "
## Ugly workaround because the line above doesn't fetch
## dependencies of libfido2.so
install_items+=" /usr/bin/fido2-token "
## Required for detecting the FIDO2 key
install_items+=" /usr/lib/udev/rules.d/60-fido-id.rules /usr/lib/udev/fido_id "
EOF
Now, recreate the initramfs images:
$ sudo dracut -f
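Before rebooting, it is worth confirming that the workaround actually pulled the FIDO2 pieces into the new image rather than finding out at the boot prompt. The script below is an added example, not part of the original post: it reads a file listing of the initramfs (dracut ships lsinitrd for this) and checks for the files configured above plus systemd-cryptsetup itself. The two listings it builds are constructed samples in lsinitrd's cpio-style format; sizes, dates and the libfido2 version suffix are invented.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a dracut initramfs
# contains everything systemd-cryptsetup needs for FIDO2 unlocking.
# Usage on a real system:  lsinitrd /boot/initrd.img-$(uname -r) > listing.txt
#                          check_fido2_initrd listing.txt
# The two listings built below are constructed samples, not real lsinitrd output.

# One extended regex per required entry: the fido2-token helper (which is what
# drags libfido2 and its dependencies in), the library itself, the udev rule and
# helper that identify the token, and the unlock binary.
FIDO2_REQUIRED='
usr/bin/fido2-token
libfido2\.so
usr/lib/udev/rules\.d/60-fido-id\.rules
usr/lib/udev/fido_id
usr/lib/systemd/systemd-cryptsetup
'

# check_fido2_initrd LISTING_FILE
# Prints every required entry missing from the listing on stderr.
# Returns 0 when the initramfs is complete, 1 otherwise.
check_fido2_initrd() {
    listing=$1
    status=0
    for pattern in $FIDO2_REQUIRED; do
        if ! grep -Eq -- "$pattern" "$listing"; then
            printf 'missing from initramfs: %s\n' "$pattern" >&2
            status=1
        fi
    done
    return $status
}

# --- constructed sample listings (lsinitrd-style; sizes and dates invented) ---
GOOD_LISTING=$(mktemp); BAD_LISTING=$(mktemp)
trap 'rm -f "$GOOD_LISTING" "$BAD_LISTING"' EXIT

cat > "$GOOD_LISTING" <<'EOF'
Image: /boot/initrd.img-5.15.0-3-amd64: 31M
========================================================================
-rwxr-xr-x   1 root     root       178104 Jan  1  1970 usr/bin/fido2-token
lrwxrwxrwx   1 root     root           17 Jan  1  1970 usr/lib/x86_64-linux-gnu/libfido2.so.1 -> libfido2.so.1.X.Y
-rw-r--r--   1 root     root       203384 Jan  1  1970 usr/lib/x86_64-linux-gnu/libfido2.so.1.X.Y
-rw-r--r--   1 root     root          314 Jan  1  1970 usr/lib/udev/rules.d/60-fido-id.rules
-rwxr-xr-x   1 root     root        22888 Jan  1  1970 usr/lib/udev/fido_id
-rwxr-xr-x   1 root     root       104960 Jan  1  1970 usr/lib/systemd/systemd-cryptsetup
EOF

# The same image without libfido2: what dracut produces when nothing forces
# the dlopen()ed library into the initramfs.
grep -v 'libfido2' "$GOOD_LISTING" > "$BAD_LISTING"

if check_fido2_initrd "$GOOD_LISTING"; then
    echo "complete image: FIDO2 unlock should work"
fi
if ! check_fido2_initrd "$BAD_LISTING" 2>/dev/null; then
    echo "stripped image: boot would report 'FIDO2 tokens not supported on this build.'"
fi
```

The check is deliberately a plain grep over the listing so it can run from a rescue shell or CI job without touching the device; on the real image, also confirm the libfido2 path matches your architecture's multiarch directory.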
At this point, we are done. Reboot your machine and it will prompt you for your YubiKey and allow you to unlock your LUKS encrypted root partition with it. If you don’t have your YubiKey, it will give the following prompt:
Security token not present for unlocking volume root (nvme0n1p3_crypt), please plug it in.
After around 30 seconds, it will time out and display the following message:
Timed out waiting for security device, aborting security device based authentication attempt.
Afterwards, it will allow you to unlock the partition using a password (or a recovery key).
In case you run into any trouble, append rd.break=initqueue to the kernel command line, and dracut will enter a shell before attempting to mount the partitions. You can manually mount the drive using the following command:
# /usr/lib/systemd/systemd-cryptsetup attach root /dev/nvme0n1p3
Exit the emergency shell, and the system will continue its normal boot.
These are two easy ways to benchmark crypto operation speeds on a Linux machine. The first one is geared towards disk encryption operations:
$ /usr/sbin/cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 1691251 iterations per second for 256-bit key
PBKDF2-sha256 2144327 iterations per second for 256-bit key
PBKDF2-sha512 1615679 iterations per second for 256-bit key
PBKDF2-ripemd160 916587 iterations per second for 256-bit key
PBKDF2-whirlpool 701858 iterations per second for 256-bit key
argon2i 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 1209.7 MiB/s 3687.8 MiB/s
serpent-cbc 128b 99.9 MiB/s 794.0 MiB/s
twofish-cbc 128b 230.1 MiB/s 421.7 MiB/s
aes-cbc 256b 937.9 MiB/s 2944.4 MiB/s
serpent-cbc 256b 104.2 MiB/s 794.3 MiB/s
twofish-cbc 256b 239.7 MiB/s 425.8 MiB/s
aes-xts 256b 3634.5 MiB/s 3638.9 MiB/s
serpent-xts 256b 762.0 MiB/s 747.9 MiB/s
twofish-xts 256b 408.1 MiB/s 423.3 MiB/s
aes-xts 512b 2956.6 MiB/s 2750.4 MiB/s
serpent-xts 512b 746.9 MiB/s 752.9 MiB/s
twofish-xts 512b 390.8 MiB/s 421.4 MiB/s
You can actually see how fast AES is compared to other block ciphers due to AES-NI.
The second is based on OpenSSL and provides by default a much more thorough benchmark:
$ openssl speed
Doing md4 for 3s on 16 size blocks: 19471550 md4's in 3.00s
Doing md4 for 3s on 64 size blocks: 15103053 md4's in 3.00s
Doing md4 for 3s on 256 size blocks: 9059338 md4's in 3.00s
Doing md4 for 3s on 1024 size blocks: 3412145 md4's in 3.00s
Doing md4 for 3s on 8192 size blocks: 498545 md4's in 3.00s
Doing md4 for 3s on 16384 size blocks: 253216 md4's in 3.00s
Doing md5 for 3s on 16 size blocks: 28957162 md5's in 3.00s
Doing md5 for 3s on 64 size blocks: 16360429 md5's in 3.00s
Doing md5 for 3s on 256 size blocks: 7154365 md5's in 3.00s
Doing md5 for 3s on 1024 size blocks: 2218149 md5's in 3.00s
Doing md5 for 3s on 8192 size blocks: 297722 md5's in 3.00s
Doing md5 for 3s on 16384 size blocks: 147715 md5's in 3.00s
Doing hmac(md5) for 3s on 16 size blocks: 11929825 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 64 size blocks: 9120709 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 256 size blocks: 5318155 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 1024 size blocks: 2001226 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 8192 size blocks: 291987 hmac(md5)'s in 3.00s
Doing hmac(md5) for 3s on 16384 size blocks: 148269 hmac(md5)'s in 3.00s
Doing sha1 for 3s on 16 size blocks: 32235670 sha1's in 3.00s
Doing sha1 for 3s on 64 size blocks: 18479233 sha1's in 3.00s
Doing sha1 for 3s on 256 size blocks: 9153365 sha1's in 3.00s
Doing sha1 for 3s on 1024 size blocks: 3007449 sha1's in 3.00s
Doing sha1 for 3s on 8192 size blocks: 417697 sha1's in 3.00s
Doing sha1 for 3s on 16384 size blocks: 209985 sha1's in 3.00s
Doing sha256 for 3s on 16 size blocks: 17740446 sha256's in 3.00s
Doing sha256 for 3s on 64 size blocks: 9850795 sha256's in 3.00s
Doing sha256 for 3s on 256 size blocks: 4567892 sha256's in 3.00s
Doing sha256 for 3s on 1024 size blocks: 1408055 sha256's in 3.00s
Doing sha256 for 3s on 8192 size blocks: 190363 sha256's in 3.00s
Doing sha256 for 3s on 16384 size blocks: 95699 sha256's in 3.00s
Doing sha512 for 3s on 16 size blocks: 12097608 sha512's in 3.00s
Doing sha512 for 3s on 64 size blocks: 12203513 sha512's in 3.00s
Doing sha512 for 3s on 256 size blocks: 5178856 sha512's in 3.00s
Doing sha512 for 3s on 1024 size blocks: 1948042 sha512's in 3.00s
Doing sha512 for 3s on 8192 size blocks: 280301 sha512's in 3.00s
Doing sha512 for 3s on 16384 size blocks: 140813 sha512's in 3.00s
Doing whirlpool for 3s on 16 size blocks: 8456994 whirlpool's in 3.00s
Doing whirlpool for 3s on 64 size blocks: 4540393 whirlpool's in 3.00s
Doing whirlpool for 3s on 256 size blocks: 1868465 whirlpool's in 3.00s
Doing whirlpool for 3s on 1024 size blocks: 544008 whirlpool's in 2.99s
Doing whirlpool for 3s on 8192 size blocks: 74183 whirlpool's in 3.00s
Doing whirlpool for 3s on 16384 size blocks: 37414 whirlpool's in 3.00s
Doing rmd160 for 3s on 16 size blocks: 10071219 rmd160's in 3.00s
Doing rmd160 for 3s on 64 size blocks: 6032766 rmd160's in 3.00s
Doing rmd160 for 3s on 256 size blocks: 2779084 rmd160's in 3.00s
Doing rmd160 for 3s on 1024 size blocks: 880524 rmd160's in 3.00s
Doing rmd160 for 3s on 8192 size blocks: 118235 rmd160's in 3.00s
Doing rmd160 for 3s on 16384 size blocks: 59732 rmd160's in 3.00s
Doing rc4 for 3s on 16 size blocks: 148607832 rc4's in 3.00s
Doing rc4 for 3s on 64 size blocks: 39326183 rc4's in 3.00s
Doing rc4 for 3s on 256 size blocks: 8165860 rc4's in 3.00s
Doing rc4 for 3s on 1024 size blocks: 1913512 rc4's in 3.00s
Doing rc4 for 3s on 8192 size blocks: 236942 rc4's in 3.00s
Doing rc4 for 3s on 16384 size blocks: 117673 rc4's in 3.00s
Doing des cbc for 3s on 16 size blocks: 16847525 des cbc's in 3.00s
Doing des cbc for 3s on 64 size blocks: 4335887 des cbc's in 3.00s
Doing des cbc for 3s on 256 size blocks: 1087088 des cbc's in 3.00s
Doing des cbc for 3s on 1024 size blocks: 273049 des cbc's in 3.00s
Doing des cbc for 3s on 8192 size blocks: 34202 des cbc's in 3.00s
Doing des cbc for 3s on 16384 size blocks: 17021 des cbc's in 3.00s
Doing des ede3 for 3s on 16 size blocks: 6477330 des ede3's in 3.00s
Doing des ede3 for 3s on 64 size blocks: 1630515 des ede3's in 3.00s
Doing des ede3 for 3s on 256 size blocks: 408304 des ede3's in 3.00s
Doing des ede3 for 3s on 1024 size blocks: 101953 des ede3's in 3.00s
Doing des ede3 for 3s on 8192 size blocks: 12744 des ede3's in 2.99s
Doing des ede3 for 3s on 16384 size blocks: 6395 des ede3's in 3.00s
Doing aes-128 cbc for 3s on 16 size blocks: 50546274 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 13358038 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 3333758 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 842151 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 104943 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 16384 size blocks: 52871 aes-128 cbc's in 3.00s
Doing aes-192 cbc for 3s on 16 size blocks: 44629776 aes-192 cbc's in 3.00s
Doing aes-192 cbc for 3s on 64 size blocks: 11527573 aes-192 cbc's in 3.00s
Doing aes-192 cbc for 3s on 256 size blocks: 2861904 aes-192 cbc's in 3.00s
Doing aes-192 cbc for 3s on 1024 size blocks: 719848 aes-192 cbc's in 3.00s
Doing aes-192 cbc for 3s on 8192 size blocks: 90802 aes-192 cbc's in 3.00s
Doing aes-192 cbc for 3s on 16384 size blocks: 45435 aes-192 cbc's in 3.00s
Doing aes-256 cbc for 3s on 16 size blocks: 39272215 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 64 size blocks: 10093402 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 256 size blocks: 2504776 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 1024 size blocks: 637977 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 8192 size blocks: 79787 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 16384 size blocks: 39202 aes-256 cbc's in 3.00s
Doing aes-128 ige for 3s on 16 size blocks: 47968696 aes-128 ige's in 3.00s
Doing aes-128 ige for 3s on 64 size blocks: 12904621 aes-128 ige's in 3.00s
Doing aes-128 ige for 3s on 256 size blocks: 3298776 aes-128 ige's in 3.00s
Doing aes-128 ige for 3s on 1024 size blocks: 839361 aes-128 ige's in 3.00s
Doing aes-128 ige for 3s on 8192 size blocks: 105162 aes-128 ige's in 3.00s
Doing aes-128 ige for 3s on 16384 size blocks: 52661 aes-128 ige's in 3.00s
Doing aes-192 ige for 3s on 16 size blocks: 42104801 aes-192 ige's in 3.00s
Doing aes-192 ige for 3s on 64 size blocks: 11153161 aes-192 ige's in 3.00s
Doing aes-192 ige for 3s on 256 size blocks: 2861637 aes-192 ige's in 3.00s
Doing aes-192 ige for 3s on 1024 size blocks: 714282 aes-192 ige's in 2.99s
Doing aes-192 ige for 3s on 8192 size blocks: 89697 aes-192 ige's in 3.00s
Doing aes-192 ige for 3s on 16384 size blocks: 45105 aes-192 ige's in 3.00s
Doing aes-256 ige for 3s on 16 size blocks: 37372904 aes-256 ige's in 3.00s
Doing aes-256 ige for 3s on 64 size blocks: 9876719 aes-256 ige's in 3.00s
Doing aes-256 ige for 3s on 256 size blocks: 2494944 aes-256 ige's in 3.00s
Doing aes-256 ige for 3s on 1024 size blocks: 612649 aes-256 ige's in 3.00s
Doing aes-256 ige for 3s on 8192 size blocks: 78842 aes-256 ige's in 3.00s
Doing aes-256 ige for 3s on 16384 size blocks: 38146 aes-256 ige's in 3.00s
Doing ghash for 3s on 16 size blocks: 290449447 ghash's in 3.00s
Doing ghash for 3s on 64 size blocks: 279423358 ghash's in 3.00s
Doing ghash for 3s on 256 size blocks: 110269684 ghash's in 3.00s
Doing ghash for 3s on 1024 size blocks: 32100037 ghash's in 3.00s
Doing ghash for 3s on 8192 size blocks: 4100293 ghash's in 3.00s
Doing ghash for 3s on 16384 size blocks: 2050513 ghash's in 3.00s
Doing camellia-128 cbc for 3s on 16 size blocks: 25557277 camellia-128 cbc's in 3.00s
Doing camellia-128 cbc for 3s on 64 size blocks: 9739653 camellia-128 cbc's in 2.99s
Doing camellia-128 cbc for 3s on 256 size blocks: 2753092 camellia-128 cbc's in 3.00s
Doing camellia-128 cbc for 3s on 1024 size blocks: 705022 camellia-128 cbc's in 3.00s
Doing camellia-128 cbc for 3s on 8192 size blocks: 89548 camellia-128 cbc's in 3.00s
Doing camellia-128 cbc for 3s on 16384 size blocks: 44700 camellia-128 cbc's in 3.00s
Doing camellia-192 cbc for 3s on 16 size blocks: 22217978 camellia-192 cbc's in 3.00s
Doing camellia-192 cbc for 3s on 64 size blocks: 7553707 camellia-192 cbc's in 3.00s
Doing camellia-192 cbc for 3s on 256 size blocks: 2060504 camellia-192 cbc's in 3.00s
Doing camellia-192 cbc for 3s on 1024 size blocks: 531985 camellia-192 cbc's in 3.00s
Doing camellia-192 cbc for 3s on 8192 size blocks: 66556 camellia-192 cbc's in 3.00s
Doing camellia-192 cbc for 3s on 16384 size blocks: 32679 camellia-192 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 16 size blocks: 22127633 camellia-256 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 64 size blocks: 7448703 camellia-256 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 256 size blocks: 1972494 camellia-256 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 1024 size blocks: 529948 camellia-256 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 8192 size blocks: 63902 camellia-256 cbc's in 3.00s
Doing camellia-256 cbc for 3s on 16384 size blocks: 33303 camellia-256 cbc's in 3.00s
Doing seed cbc for 3s on 16 size blocks: 19448527 seed cbc's in 2.96s
Doing seed cbc for 3s on 64 size blocks: 5086661 seed cbc's in 3.00s
Doing seed cbc for 3s on 256 size blocks: 1309579 seed cbc's in 3.00s
Doing seed cbc for 3s on 1024 size blocks: 326399 seed cbc's in 3.00s
Doing seed cbc for 3s on 8192 size blocks: 40847 seed cbc's in 2.97s
Doing seed cbc for 3s on 16384 size blocks: 20473 seed cbc's in 3.00s
Doing rc2 cbc for 3s on 16 size blocks: 11590538 rc2 cbc's in 3.00s
Doing rc2 cbc for 3s on 64 size blocks: 2993882 rc2 cbc's in 3.00s
Doing rc2 cbc for 3s on 256 size blocks: 756250 rc2 cbc's in 2.99s
Doing rc2 cbc for 3s on 1024 size blocks: 189369 rc2 cbc's in 3.00s
Doing rc2 cbc for 3s on 8192 size blocks: 23335 rc2 cbc's in 3.00s
Doing rc2 cbc for 3s on 16384 size blocks: 11620 rc2 cbc's in 3.00s
Doing blowfish cbc for 3s on 16 size blocks: 28823881 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 64 size blocks: 7731814 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 256 size blocks: 1819269 blowfish cbc's in 2.98s
Doing blowfish cbc for 3s on 1024 size blocks: 453845 blowfish cbc's in 2.96s
Doing blowfish cbc for 3s on 8192 size blocks: 59271 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 16384 size blocks: 29739 blowfish cbc's in 3.00s
Doing cast cbc for 3s on 16 size blocks: 24843807 cast cbc's in 3.00s
Doing cast cbc for 3s on 64 size blocks: 7142122 cast cbc's in 3.00s
Doing cast cbc for 3s on 256 size blocks: 1720810 cast cbc's in 2.98s
Doing cast cbc for 3s on 1024 size blocks: 457591 cast cbc's in 2.99s
Doing cast cbc for 3s on 8192 size blocks: 56722 cast cbc's in 3.00s
Doing cast cbc for 3s on 16384 size blocks: 28285 cast cbc's in 3.00s
Doing rand for 3s on 16 size blocks: 3372230 rand's in 2.84s
Doing rand for 3s on 64 size blocks: 3356834 rand's in 2.75s
Doing rand for 3s on 256 size blocks: 3138476 rand's in 2.79s
Doing rand for 3s on 1024 size blocks: 2728751 rand's in 2.82s
Doing rand for 3s on 8192 size blocks: 1092880 rand's in 2.94s
Doing rand for 3s on 16384 size blocks: 651510 rand's in 2.96s
Doing 512 bits private rsa's for 10s: 290761 512 bits private RSA's in 10.00s
Doing 512 bits public rsa's for 10s: 4638554 512 bits public RSA's in 10.00s
Doing 1024 bits private rsa's for 10s: 134299 1024 bits private RSA's in 9.91s
Doing 1024 bits public rsa's for 10s: 1959617 1024 bits public RSA's in 9.98s
Doing 2048 bits private rsa's for 10s: 19348 2048 bits private RSA's in 9.99s
Doing 2048 bits public rsa's for 10s: 658878 2048 bits public RSA's in 10.00s
Doing 3072 bits private rsa's for 10s: 6641 3072 bits private RSA's in 10.01s
Doing 3072 bits public rsa's for 10s: 323266 3072 bits public RSA's in 10.00s
Doing 4096 bits private rsa's for 10s: 2972 4096 bits private RSA's in 10.00s
Doing 4096 bits public rsa's for 10s: 190751 4096 bits public RSA's in 10.00s
Doing 7680 bits private rsa's for 10s: 314 7680 bits private RSA's in 10.00s
Doing 7680 bits public rsa's for 10s: 54717 7680 bits public RSA's in 10.00s
Doing 15360 bits private rsa's for 10s: 60 15360 bits private RSA's in 10.08s
Doing 15360 bits public rsa's for 10s: 14720 15360 bits public RSA's in 10.00s
Doing 512 bits sign dsa's for 10s: 194123 512 bits DSA signs in 9.98s
Doing 512 bits verify dsa's for 10s: 278869 512 bits DSA verify in 10.00s
Doing 1024 bits sign dsa's for 10s: 113554 1024 bits DSA signs in 9.97s
Doing 1024 bits verify dsa's for 10s: 147432 1024 bits DSA verify in 10.00s
Doing 2048 bits sign dsa's for 10s: 45620 2048 bits DSA signs in 9.98s
Doing 2048 bits verify dsa's for 10s: 49758 2048 bits DSA verify in 10.00s
Doing 160 bits sign ecdsa's for 10s: 56221 160 bits ECDSA signs in 9.98s
Doing 160 bits verify ecdsa's for 10s: 59458 160 bits ECDSA verify in 10.00s
Doing 192 bits sign ecdsa's for 10s: 47616 192 bits ECDSA signs in 9.98s
Doing 192 bits verify ecdsa's for 10s: 47970 192 bits ECDSA verify in 10.00s
Doing 224 bits sign ecdsa's for 10s: 210941 224 bits ECDSA signs in 9.99s
Doing 224 bits verify ecdsa's for 10s: 96849 224 bits ECDSA verify in 10.00s
Doing 256 bits sign ecdsa's for 10s: 520231 256 bits ECDSA signs in 9.91s
Doing 256 bits verify ecdsa's for 10s: 173754 256 bits ECDSA verify in 9.99s
Doing 384 bits sign ecdsa's for 10s: 12826 384 bits ECDSA signs in 9.98s
Doing 384 bits verify ecdsa's for 10s: 15207 384 bits ECDSA verify in 9.99s
Doing 521 bits sign ecdsa's for 10s: 39062 521 bits ECDSA signs in 9.99s
Doing 521 bits verify ecdsa's for 10s: 19335 521 bits ECDSA verify in 10.00s
Doing 163 bits sign ecdsa's for 10s: 48363 163 bits ECDSA signs in 9.98s
Doing 163 bits verify ecdsa's for 10s: 24392 163 bits ECDSA verify in 9.99s
Doing 233 bits sign ecdsa's for 10s: 34469 233 bits ECDSA signs in 9.97s
Doing 233 bits verify ecdsa's for 10s: 17115 233 bits ECDSA verify in 9.97s
Doing 283 bits sign ecdsa's for 10s: 19982 283 bits ECDSA signs in 9.99s
Doing 283 bits verify ecdsa's for 10s: 10045 283 bits ECDSA verify in 9.99s
Doing 409 bits sign ecdsa's for 10s: 11777 409 bits ECDSA signs in 10.00s
Doing 409 bits verify ecdsa's for 10s: 6008 409 bits ECDSA verify in 10.00s
Doing 571 bits sign ecdsa's for 10s: 5447 571 bits ECDSA signs in 10.00s
Doing 571 bits verify ecdsa's for 10s: 2799 571 bits ECDSA verify in 10.00s
Doing 163 bits sign ecdsa's for 10s: 46234 163 bits ECDSA signs in 9.97s
Doing 163 bits verify ecdsa's for 10s: 23370 163 bits ECDSA verify in 9.99s
Doing 233 bits sign ecdsa's for 10s: 32597 233 bits ECDSA signs in 10.00s
Doing 233 bits verify ecdsa's for 10s: 16665 233 bits ECDSA verify in 10.00s
Doing 283 bits sign ecdsa's for 10s: 19004 283 bits ECDSA signs in 9.99s
Doing 283 bits verify ecdsa's for 10s: 9755 283 bits ECDSA verify in 9.98s
Doing 409 bits sign ecdsa's for 10s: 11207 409 bits ECDSA signs in 10.00s
Doing 409 bits verify ecdsa's for 10s: 5814 409 bits ECDSA verify in 10.00s
Doing 571 bits sign ecdsa's for 10s: 5148 571 bits ECDSA signs in 9.99s
Doing 571 bits verify ecdsa's for 10s: 2610 571 bits ECDSA verify in 10.00s
Doing 256 bits sign ecdsa's for 10s: 29886 256 bits ECDSA signs in 9.99s
Doing 256 bits verify ecdsa's for 10s: 31093 256 bits ECDSA verify in 10.00s
Doing 256 bits sign ecdsa's for 10s: 29985 256 bits ECDSA signs in 9.99s
Doing 256 bits verify ecdsa's for 10s: 32135 256 bits ECDSA verify in 9.99s
Doing 384 bits sign ecdsa's for 10s: 12609 384 bits ECDSA signs in 9.99s
Doing 384 bits verify ecdsa's for 10s: 14306 384 bits ECDSA verify in 10.00s
Doing 384 bits sign ecdsa's for 10s: 12962 384 bits ECDSA signs in 9.99s
Doing 384 bits verify ecdsa's for 10s: 15561 384 bits ECDSA verify in 10.00s
Doing 512 bits sign ecdsa's for 10s: 8564 512 bits ECDSA signs in 9.99s
Doing 512 bits verify ecdsa's for 10s: 10422 512 bits ECDSA verify in 9.99s
Doing 512 bits sign ecdsa's for 10s: 8795 512 bits ECDSA signs in 10.00s
Doing 512 bits verify ecdsa's for 10s: 10798 512 bits ECDSA verify in 9.99s
Doing 160 bits ecdh's for 10s: 61839 160-bits ECDH ops in 10.00s
Doing 192 bits ecdh's for 10s: 50575 192-bits ECDH ops in 9.99s
Doing 224 bits ecdh's for 10s: 160868 224-bits ECDH ops in 10.00s
Doing 256 bits ecdh's for 10s: 234630 256-bits ECDH ops in 10.00s
Doing 384 bits ecdh's for 10s: 13245 384-bits ECDH ops in 10.00s
Doing 521 bits ecdh's for 10s: 32844 521-bits ECDH ops in 10.00s
Doing 163 bits ecdh's for 10s: 50343 163-bits ECDH ops in 9.97s
Doing 233 bits ecdh's for 10s: 35536 233-bits ECDH ops in 9.99s
Doing 283 bits ecdh's for 10s: 21057 283-bits ECDH ops in 9.99s
Doing 409 bits ecdh's for 10s: 12564 409-bits ECDH ops in 10.00s
Doing 571 bits ecdh's for 10s: 5707 571-bits ECDH ops in 10.00s
Doing 163 bits ecdh's for 10s: 47944 163-bits ECDH ops in 9.99s
Doing 233 bits ecdh's for 10s: 35651 233-bits ECDH ops in 9.98s
Doing 283 bits ecdh's for 10s: 20495 283-bits ECDH ops in 9.97s
Doing 409 bits ecdh's for 10s: 12072 409-bits ECDH ops in 10.00s
Doing 571 bits ecdh's for 10s: 4908 571-bits ECDH ops in 9.97s
Doing 256 bits ecdh's for 10s: 30134 256-bits ECDH ops in 9.99s
Doing 256 bits ecdh's for 10s: 30999 256-bits ECDH ops in 9.99s
Doing 384 bits ecdh's for 10s: 13382 384-bits ECDH ops in 10.00s
Doing 384 bits ecdh's for 10s: 13593 384-bits ECDH ops in 10.00s
Doing 512 bits ecdh's for 10s: 9110 512-bits ECDH ops in 10.00s
Doing 512 bits ecdh's for 10s: 8964 512-bits ECDH ops in 9.99s
Doing 253 bits ecdh's for 10s: 347784 253-bits ECDH ops in 10.00s
Doing 448 bits ecdh's for 10s: 22735 448-bits ECDH ops in 9.99s
Doing 253 bits sign Ed25519's for 10s: 272233 253 bits Ed25519 signs in 10.00s
Doing 253 bits verify Ed25519's for 10s: 101997 253 bits Ed25519 verify in 10.00s
Doing 456 bits sign Ed448's for 10s: 37378 456 bits Ed448 signs in 10.00s
Doing 456 bits verify Ed448's for 10s: 20706 456 bits Ed448 verify in 10.00s
OpenSSL 1.1.1i 8 Dec 2020
built on: Tue Dec 8 19:32:32 2020 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-dgP4jq/openssl-1.1.1i=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
md2 0.00 0.00 0.00 0.00 0.00 0.00
mdc2 0.00 0.00 0.00 0.00 0.00 0.00
md4 103848.27k 322198.46k 773063.51k 1164678.83k 1361360.21k 1382896.98k
md5 154438.20k 349022.49k 610505.81k 757128.19k 812979.54k 806720.85k
hmac(md5) 63625.73k 194575.13k 453815.89k 683085.14k 797319.17k 809746.43k
sha1 171923.57k 394223.64k 781087.15k 1026542.59k 1140591.27k 1146798.08k
rmd160 53713.17k 128699.01k 237148.50k 300552.19k 322860.37k 326216.36k
rc4 792575.10k 838958.57k 696820.05k 653145.43k 647009.62k 642651.48k
des cbc 89853.47k 92498.92k 92764.84k 93200.73k 93394.26k 92957.35k
des ede3 34545.76k 34784.32k 34841.94k 34799.96k 34916.00k 34925.23k
idea cbc 0.00 0.00 0.00 0.00 0.00 0.00
seed cbc 105127.17k 108515.43k 111750.74k 111410.86k 112666.20k 111809.88k
rc2 cbc 61816.20k 63869.48k 64749.16k 64637.95k 63720.11k 63460.69k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00 0.00
blowfish cbc 153727.37k 164945.37k 156286.20k 157005.84k 161849.34k 162414.59k
cast cbc 132500.30k 152365.27k 147827.97k 156713.44k 154888.87k 154473.81k
aes-128 cbc 269580.13k 284971.48k 284480.68k 287454.21k 286564.35k 288746.15k
aes-192 cbc 238025.47k 245921.56k 244215.81k 245708.12k 247949.99k 248135.68k
aes-256 cbc 209451.81k 215325.91k 213740.89k 217762.82k 217871.70k 214095.19k
camellia-128 cbc 136305.48k 208474.18k 234930.52k 240647.51k 244525.74k 244121.60k
camellia-192 cbc 118495.88k 161145.75k 175829.67k 181584.21k 181742.25k 178470.91k
camellia-256 cbc 118014.04k 158905.66k 168319.49k 180888.92k 174495.06k 181878.78k
sha256 94615.71k 210150.29k 389793.45k 480616.11k 519817.90k 522644.14k
sha512 64520.58k 260341.61k 441929.05k 664931.67k 765408.60k 769026.73k
whirlpool 45103.97k 96861.72k 159442.35k 186309.09k 202569.05k 204330.33k
aes-128 ige 255833.05k 275298.58k 281495.55k 286501.89k 287162.37k 287599.27k
aes-192 ige 224558.94k 237934.10k 244193.02k 244623.67k 244932.61k 246333.44k
aes-256 ige 199322.15k 210703.34k 212901.89k 209117.53k 215291.22k 208328.02k
ghash 1549063.72k 5961031.64k 9409679.70k 10956812.63k 11196533.42k 11198535.00k
rand 18998.48k 78122.68k 287974.86k 990865.61k 3045194.88k 3606195.89k
sign verify sign/s verify/s
rsa 512 bits 0.000034s 0.000002s 29076.1 463855.4
rsa 1024 bits 0.000074s 0.000005s 13551.9 196354.4
rsa 2048 bits 0.000516s 0.000015s 1936.7 65887.8
rsa 3072 bits 0.001507s 0.000031s 663.4 32326.6
rsa 4096 bits 0.003365s 0.000052s 297.2 19075.1
rsa 7680 bits 0.031847s 0.000183s 31.4 5471.7
rsa 15360 bits 0.168000s 0.000679s 6.0 1472.0
sign verify sign/s verify/s
dsa 512 bits 0.000051s 0.000036s 19451.2 27886.9
dsa 1024 bits 0.000088s 0.000068s 11389.6 14743.2
dsa 2048 bits 0.000219s 0.000201s 4571.1 4975.8
sign verify sign/s verify/s
160 bits ecdsa (secp160r1) 0.0002s 0.0002s 5633.4 5945.8
192 bits ecdsa (nistp192) 0.0002s 0.0002s 4771.1 4797.0
224 bits ecdsa (nistp224) 0.0000s 0.0001s 21115.2 9684.9
256 bits ecdsa (nistp256) 0.0000s 0.0001s 52495.6 17392.8
384 bits ecdsa (nistp384) 0.0008s 0.0007s 1285.2 1522.2
521 bits ecdsa (nistp521) 0.0003s 0.0005s 3910.1 1933.5
163 bits ecdsa (nistk163) 0.0002s 0.0004s 4846.0 2441.6
233 bits ecdsa (nistk233) 0.0003s 0.0006s 3457.3 1716.6
283 bits ecdsa (nistk283) 0.0005s 0.0010s 2000.2 1005.5
409 bits ecdsa (nistk409) 0.0008s 0.0017s 1177.7 600.8
571 bits ecdsa (nistk571) 0.0018s 0.0036s 544.7 279.9
163 bits ecdsa (nistb163) 0.0002s 0.0004s 4637.3 2339.3
233 bits ecdsa (nistb233) 0.0003s 0.0006s 3259.7 1666.5
283 bits ecdsa (nistb283) 0.0005s 0.0010s 1902.3 977.5
409 bits ecdsa (nistb409) 0.0009s 0.0017s 1120.7 581.4
571 bits ecdsa (nistb571) 0.0019s 0.0038s 515.3 261.0
256 bits ecdsa (brainpoolP256r1) 0.0003s 0.0003s 2991.6 3109.3
256 bits ecdsa (brainpoolP256t1) 0.0003s 0.0003s 3001.5 3216.7
384 bits ecdsa (brainpoolP384r1) 0.0008s 0.0007s 1262.2 1430.6
384 bits ecdsa (brainpoolP384t1) 0.0008s 0.0006s 1297.5 1556.1
512 bits ecdsa (brainpoolP512r1) 0.0012s 0.0010s 857.3 1043.2
512 bits ecdsa (brainpoolP512t1) 0.0011s 0.0009s 879.5 1080.9
op op/s
160 bits ecdh (secp160r1) 0.0002s 6183.9
192 bits ecdh (nistp192) 0.0002s 5062.6
224 bits ecdh (nistp224) 0.0001s 16086.8
256 bits ecdh (nistp256) 0.0000s 23463.0
384 bits ecdh (nistp384) 0.0008s 1324.5
521 bits ecdh (nistp521) 0.0003s 3284.4
163 bits ecdh (nistk163) 0.0002s 5049.4
233 bits ecdh (nistk233) 0.0003s 3557.2
283 bits ecdh (nistk283) 0.0005s 2107.8
409 bits ecdh (nistk409) 0.0008s 1256.4
571 bits ecdh (nistk571) 0.0018s 570.7
163 bits ecdh (nistb163) 0.0002s 4799.2
233 bits ecdh (nistb233) 0.0003s 3572.2
283 bits ecdh (nistb283) 0.0005s 2055.7
409 bits ecdh (nistb409) 0.0008s 1207.2
571 bits ecdh (nistb571) 0.0020s 492.3
256 bits ecdh (brainpoolP256r1) 0.0003s 3016.4
256 bits ecdh (brainpoolP256t1) 0.0003s 3103.0
384 bits ecdh (brainpoolP384r1) 0.0007s 1338.2
384 bits ecdh (brainpoolP384t1) 0.0007s 1359.3
512 bits ecdh (brainpoolP512r1) 0.0011s 911.0
512 bits ecdh (brainpoolP512t1) 0.0011s 897.3
253 bits ecdh (X25519) 0.0000s 34778.4
448 bits ecdh (X448) 0.0004s 2275.8
sign verify sign/s verify/s
253 bits EdDSA (Ed25519) 0.0000s 0.0001s 27223.3 10199.7
456 bits EdDSA (Ed448) 0.0003s 0.0005s 3737.8 2070.6
This short tutorial will guide you in encrypting a drive with cryptsetup and the LUKS scheme.
Before starting, if the device had previous data on it, it’s best to delete any filesystem signatures that may be on it. Assuming that the drive we operate on is /dev/sda, you can use the following command to remove the signatures:
$ sudo wipefs --all /dev/sda --no-act
Remove the --no-act flag to actually modify the disk.
The next step is to actually format the drive using LUKS. This is done using the cryptsetup utility.
$ sudo cryptsetup luksFormat --type=luks2 /dev/sda
WARNING!
========
This will overwrite data on /dev/sda irrevocably.
Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/sda:
Verify passphrase:
The command will prompt you to enter a passphrase for the encryption and should take a few seconds to complete.
The next step is to add an appropriate entry to crypttab, which will simplify starting the dm-crypt mapping later. Add the following line to /etc/crypttab:
archive_crypt UUID=114d42e5-6aeb-4af0-8758-b4cc79dd1ba0 none luks,discard,noauto
where the UUID is obtained through lsblk /dev/sda -o UUID or a similar command. archive_crypt is the name for the mapped device; it will appear as /dev/mapper/archive_crypt when the device is mapped. The none parameter specifies that no keyfile is used and the system should prompt for an encryption passphrase instead. noauto means not to attempt to load the device automatically upon boot. discard should be used if the underlying device is an SSD.
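Both crypttab entries on this page (the fido2-device=auto one for the root device and the noauto one above) follow the same four-field layout, and a typo in either only shows up at the next boot or cryptdisks_start. The script below is an added example, not part of the original post: an awk-based validator that checks each entry's field count, mapper name and UUID shape, and flags the fido2-device option when the file will be consumed by the initramfs-tools hook, which, as described above, ignores it. The generator argument (dracut or initramfs-tools) is an assumption of this script, not a crypttab feature; the broken entries are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check /etc/crypttab entries
# before regenerating the initramfs. Fields are target, source, key file and
# options. The generator argument says which initramfs tool consumes the file,
# because the initramfs-tools cryptsetup hook ignores fido2-device while
# dracut's systemd-cryptsetup honours it.
# Usage:  validate_crypttab /etc/crypttab dracut      (or initramfs-tools)

# validate_crypttab FILE GENERATOR
# Prints one diagnostic per finding; returns 1 if any entry is malformed.
validate_crypttab() {
    awk -v gen="$2" '
    function err(msg)  { printf "%s:%d: error: %s\n", FILENAME, FNR, msg; errors++ }
    function warn(msg) { printf "%s:%d: warning: %s\n", FILENAME, FNR, msg }
    function note(msg) { printf "%s:%d: note: %s\n", FILENAME, FNR, msg }
    /^[[:space:]]*#/ || NF == 0 { next }            # comments and blank lines
    {
        if (NF < 2 || NF > 4) { err("expected 2 to 4 fields, found " NF); next }
        target = $1; source = $2
        keyfile = (NF >= 3) ? $3 : "none"
        options = (NF >= 4) ? $4 : ""

        if (target !~ /^[A-Za-z0-9_.-]+$/)
            err("mapper name \"" target "\" contains unsafe characters")

        # UUID=... must be 8-4-4-4-12 hex: mask the hex digits, compare the shape
        if (source ~ /^UUID=/) {
            u = substr(source, 6); gsub(/[0-9a-fA-F]/, "x", u)
            if (u != "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
                err("malformed UUID in \"" source "\"")
        } else if (source !~ /^(PARTUUID=|\/dev\/)/) {
            err("source \"" source "\" is not UUID=, PARTUUID= or a /dev path")
        }

        n = split(options, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^fido2-device=/ && gen == "initramfs-tools")
                warn("fido2-device is ignored by the initramfs-tools cryptsetup hook; switch to dracut")
            if (opt[i] == "discard")
                note("discard forwards TRIM, so which blocks are in use becomes visible on the raw device")
        }
        if ((keyfile == "none" || keyfile == "-") && options !~ /fido2-device=/)
            note(target " will prompt for a passphrase at activation")
    }
    END { exit (errors > 0) ? 1 : 0 }
    ' "$1"
}

# --- constructed sample files -------------------------------------------------
CRYPTTAB_OK=$(mktemp); CRYPTTAB_BAD=$(mktemp)
trap 'rm -f "$CRYPTTAB_OK" "$CRYPTTAB_BAD"' EXIT

# The two entries discussed in the text
cat > "$CRYPTTAB_OK" <<'EOF'
# <target name> <source device> <key file> <options>
nvme0n1p3_crypt UUID=307a6bef-5599-4963-8ce0-d9e999026c1a none luks,discard,fido2-device=auto
archive_crypt UUID=114d42e5-6aeb-4af0-8758-b4cc79dd1ba0 none luks,discard,noauto
EOF

# Constructed broken entries: a UUID missing its last digit, and a stray fifth field
cat > "$CRYPTTAB_BAD" <<'EOF'
archive_crypt UUID=114d42e5-6aeb-4af0-8758-b4cc79dd1ba none luks,discard,noauto
data_crypt /dev/sdb1 none luks extra_field
EOF

echo "== valid file, dracut"
validate_crypttab "$CRYPTTAB_OK" dracut || echo "(malformed entries found)"
echo "== valid file, initramfs-tools"
validate_crypttab "$CRYPTTAB_OK" initramfs-tools || echo "(malformed entries found)"
echo "== broken file"
validate_crypttab "$CRYPTTAB_BAD" dracut || echo "(malformed entries found)"
```

Errors (unparseable entries) set the exit status so the check can gate an initramfs rebuild in a script; warnings and notes are informational, since a prompt-for-passphrase entry or a discard option may be exactly what you intended.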
You can test everything works so far by opening and loading the LUKS device:
$ sudo cryptdisks_start archive_crypt
While the device is now encrypted, there is a possible leakage of metadata such as which blocks are in use: an attacker can discern used vs. unused blocks by examining the physical drive. This and other side-channel leaks can be mitigated by simply wiping the contents of the encrypted device.
$ openssl rand -hex 32 | openssl enc -chacha20 -in /dev/zero -pass stdin -nosalt | sudo dd if=/dev/stdin of=/dev/mapper/archive_crypt bs=4096 status=progress
We could also have used /dev/urandom, but the above technique is much faster.
Now we can create the actual filesystem.
$ sudo mkfs.btrfs --label archive /dev/mapper/archive_crypt
At this point we’re actually pretty much done. You can add an entry to /etc/fstab to easily mount the filesystem, and you’re done.
/dev/mapper/archive_crypt /home/guyru/archive btrfs noauto,user 0 0