The new LUKS Uni-Tool: LotsaLuks v1.0.0

[jafadmin]

I'm going to re-use this thread to release v1.0.0 of LotsaLuks

Uninstall any previous versions, then install this one (v1.0.0). There are ".pet" packages for those that use them, and a ".txz" for the FatDog users. (make sure and remove the ".zip" extension after downloading the FatDog version. The rename was necessary to allow uploading here)

The app is fairly agnostic, but does rely on Xdialog and a "defaultfilemanager" proxy. The package for FatDog includes one. All puppies will need to restart X for the mime type to register.

There is a new app overview .pdf, and a copy of the "delete-stale-mnts" script for those who wish to add it to their Startup.

More description in following post.

[jafadmin]

A special "Thank You" to: @jamesbond, @musher0, @williams2, @perdido, and @soniabu to name but a few.

Besides the normal tweaking and fine tuning, this release version (v1.0.0) also provides tools to backup and restore your LUKS headers, thereby ensuring they can be recovered if the device/file headers get damaged or overwritten.

It will also show you the 'df' (usage) of the mounted LUKS items, including your 'savefile_luks' files.

It installs the ".luks" mime type, and OpenWith features in Rox-filer. When it offers to go to an opened LUKS item, it opens it using the "defaultfilemanager" proxy.

The LUKS files do not require the ".luks" file extension, but mime automation is based on it. You can still use the "OpenWith" feature on those that don't.

NOTES:
1) Changed the "defaultfilemanager" method to "xdg-open" for all distros. It seems universal.

.

[jafadmin]

I have made a .deb version that seems to work Ok with Debian variants. It tested good in Mints and Devuan 10 (Dev-1). It should work with Ubuntu. (Remove the ".zip" extension to use it.)
It requires that you have gksu installed. If your Debian distro doesn't have it in it's normal repo, you can get it here:https://launchpad.net/~mark-pcnetspec/+ ... buntu/gksu
Which means do this:

Code: Select all

sudo add-apt-repository ppa:mark-pcnetspec/gksu
sudo apt-get update
sudo apt-get install gksu

And if you need to dpkg manually:

Code: Select all

sudo dpkg -i LotsaLuks_1.0.0.deb

[Mike Walsh]

Can somebody explain to me what the point of all this encryption is? From what I understand, encryption makes system recovery much, much harder, so, er......???

Apart from the 'usual suspects', is anybody in the community really that paranoid about keeping everything they do SUPER private? I find external USB drives, plugged in as and when required, do a pretty good job of keeping my data secure.....


Mike.

[jafadmin]

@Mike Walsh .. Good question Mike.

I come from a multinational corporate IT background. The frequency with which PI (personal information) and IP (intellectual property) are stolen as a result of computer theft is astonishing.

These items are stolen during home burglaries, hotels stays, automobile smash & grabs, muggings, and even stolen while you are in the bathroom at the airport.

The highest frequency of these thefts occur against the most senior people in a company. In one instance, some of our people went to a conference in Singapore and left their laptops all locked up in the hotel's conference room before taking a "long lunch". When they returned, all our company's laptops were gone. Just our company's. No one else's were touched.

So the point is, if you have content that you don't want to fall into the wrong hands, lock it up (encrypt). Do you leave your car unlocked? Your home?
https://www.cnet.com/news/statistics-an ... ter-theft/

.

[hansen67]

I can't unpack this archive? LotsaLuks_1.0.0.deb.zip... will anyone confirm that everything is OK?
upssss ..... I already know about removing the extension

[jafadmin]

This one is for Debian, Ubuntu, and Mint. Download to your desktop and rename it to: "LotsaLuks_1.0.0.deb"

Then click on it. It should automatically install.

I just tried it on a fresh Mint VM. Worked like a charm.

If you want more help you will have to describe the steps you are taking that fail.

[hansen67]

Works perfect! ... but I will still test if I notice something wrong, I will let you know
beautiful work I missed such a simple and dedicated program for Linux
thank you !!!

[hansen67]

my system: Linux Mint 19.3 Tricia (Cinnamon)
using the option: Create Luks Storage Files
my system freezes .... only system reboot helps
when I use the option : Change Luks Passwords
when I enter the incorrect old password
no message about wrong password appears, only a window for confirming a new password ..... which confuses whether the password has been changed or not

[jafadmin]

First: Did you install "gksu" as per the instructions above? It is necessary to give you sudo permissions to use cryptsetup features.

Second: When LotsaLuks successfully changes the password, it tells you it succeeded.

[hansen67]

So I installed the gksu program from the repo:

Code: Select all

sudo add-apt-repository ppa:mark-pcnetspec/gksu
sudo apt-get update
sudo apt-get install gksu

gksu works fine on my system i.e.
when running you must enter the root administrator password.
Yes you are right after entering the correct old password at the end is confirmation of the change to a new one.
So I can remember what happens if I enter the wrong old password.
but if I use the option: Create Luks Storage Files
however, this system error occurs even if I give up or leave this option / cancel ......... the system hangs.
If I enter the system using the shortcut: ctrl + alt + f1
and check in the terminal in the top program
this CPU has 100% on two processes:

Code: Select all

csd-keyboard
cinnamon

maybe because I'm using a different system than the English version?

[jafadmin]

I'm not sure what's happening (I can't replicate the behavior), but I do know that cryptsetup has a minimum file size. I'm not sure what it is.

At any rate, I don't make luks files smaller that 8 megs because of it.

It needs a certain amount for luks headers, some for ext2 headers, etc.

Maybe that will help?

Tell me the exact steps you are using to create the file. Name, location, size, FS type, encryption type, etc .. I will try to replicate it.

.

[hansen67]

Tell me the exact steps you are using to create the file. Name, location, size, FS type, encryption type, etc .. I will try to replicate it.
.

I checked on my popular linux system
- Linux Mint 19.3 Tricia (Cinnamon) (Ubuntu 18.04 bionic lts) kernel : 4.15.0-88-generic
but in the Live -USB + Polish language version. LotsaLuks installed correctly and you could create an encrypted storage file. You could open it but with some errors.... additional trash window ... and some information (cache thumbnail memory ....)

However, after a full system update in the live version, i.e.

Code: Select all

sudo apt-get update
sudo apt-get upgrade

creating an encrypted file was no longer possible !!!
When saving the file the system hung with effects as I described in an earlier post.
It follows that the fault lies in the upgrade.
see this video :

if I have a moment I will see on Debian.

[jafadmin]

I have no way to support a Polish language version of this script. The script is in English. I speak English.

I can't read the screen capture you posted.

Sorry

[hansen67]

I can't read the screen capture you posted.
Sorry

in English
https://imgur.com/a/2L9fZBi

Well in my case the LotsaLuks program
causes more trouble on the system
Only after disabling the Plank (dock) program could it be created
encrypted container file.
But opening this file results in an error and opening Audacious instead of the file manager
After uninstalling Audacious, everything is OK

[jafadmin]

Thanks for posting that. I hope it helps someone. At this point I have no idea what is causing the conflict. maybe those apps are trying use the ".luks" file extension?

Without knowing the steps you used to create the storage file, it's anybody's guess.

[mikeslr]

Hello jafadmin,

Hope all is well in your part of our increasingly evidentally small global village.

I read your Overview.pdf. Thanks for that and you work. Your pdf does a good job of explaining things. But, I read things with a Lawyer's fondness for finding problems which may not exist: (a) Defensively, how can a layman misunderstand; (b) Offensively, how can something be intentionally misunderstood [to a client's advantage ].

At any rate, I was wondering how Luks can be used with a SaveFile. Can an existing SaveFile be converted? What problems are likely to arise using a Luks encrypted SaveFile?

[jafadmin]

First of all, The Bionics both use LUKS when you choose the "encrypted savefile" option. You can use LotsaLuks to create additional encrypted partitions or filesystems.

Secondly, the use of encrypted filesystems is an additional discipline. The user must learn to create, store, and backup IP to an encrypted store, instead of creating it in default directory structure..

Just like with un-encrypted storage, your data should be backed up, but to an encrypted backup medium.

A typical setup for me is to partition a 128g thumb with a 16g puppy partition that uses an encrypted savefile (4g, maybe). I then use LotsaLuks to encrypt the remainder of the thumbdrive as encrypted storage. Then, depending on my needs I either use the LotsaLuks app to open the encrypted store after booting, or create a script to automatically mount it at boot.

With LUKS containers, ALWAYS BACKUP THE HEADERS using LotsaLuks.

[memo]

Hi all,

Thanks for this nice tool. I have a question in regard to its usage. it seems that I can save the lock file any where and in any partition, but the locked file seems to locate itself in mnt/home and refuses to be moved. Another thing is that when the file manager opens to locate the destination of the .luks file, the directory box doesnot correspond to mouse clicks on different folder but I need to type the destination folder in the directory box. lastly, it seems that to encrypt a partition or a desk it needs to be formatted first which is difficult if the person already hit as as data on that partition, is there a solution to this problem.

Edit: it seems that it does not work with flash memory ( I tried to treat as both partition and hard disk)

any suggestions?

cheers,

[jafadmin]

1) What is a "lock" file?
2) For the app to encrypt a partition, that partition must first exist.
3) The app uses the standard Xdialog "file select" (fselect) dialog. I'm not sure from your description what the problem is.
*4) The app doesn't work with mmcblk devices only because I don't have a machine with a flash reader to test with. I manage flash memory with USB adapters due to their simplicity and uniformity. The app will work with flash memory in a USB adapter.
5) Never try to move a LUKS encrypted file, or ANY file opened as a loop device while it is mounted. Once that item is closed, use Roxfiler to move it wherever you wish.

*If I find a machine with a flash reader, I will update the app to accommodate it.
*If you encrypt a MicroSD using a USB adapter, those puppies with LUKS built-in (Bionics, for instance), AND a built-in MicroSD reader will prompt for the password when it's disk icon is clicked, and mount the encrypted partition.