Как защитить ключи LUKS с помощью Рутокен ЭЦП 3.0 и алгоритмов ГОСТ Р 34.10-2012. Часть 1

В этом цикле статей мы подробно рассмотрим технологию LUKS с позиции системного администрирования и способы защиты мастер-ключа, в том числе и с использованием алгоритмов ГОСТ Р 34.10-2012 на Рутокен ЭЦП 3.0. Материал прошел обсуждение в фокус-группе нашего сообщества ALD Pro фессионалов и будет включен в содержание открытого курса по службе каталога ALD Pro . Возможности повысить квалификацию в объеме 16 академ. часов не обещаем, но вкусных буковок будет много.

https://habr.com/ru/companies/astralinux/articles/992778/

#linux #luks #полнодисковое_шифрование #full_disk_encryption #fde #рутокен #рутокен_эцп #рутокен_эцп_30 nf #plymouth

@nika64 @markuswerle @Laszlo
Für Linux-Rechner würde man zur Festplattenverschlüsselung LUKS benutzen. Habe gerade gelesen, dass bei Dual-Boot mit Ubuntu auch die gleichzeitige Verschlüsselung mit BitLocker für Windows und LUKS für Linux möglich ist, das war mir neu. Falls du es versuchen willst, hier ist eine Anleitung (ohne Gewähr, hab es nicht ausprobiert).
https://www.mikekasberg.com/blog/2025/05/19/dual-boot-ubuntu-25-04-and-windows-with-encryption.html
#LUKS #Bitlocker #Linux #Ubuntu #DualBoot

Unknown GRUB boot menu version from official repository #boot #grub2 #uefi #luks

https://askubuntu.com/q/1563561/612

Nirvana Dolce Vita Otel: Lyuks, Chto Ponravilos i Chto Net - Bir Bakış!

Nirvana Dolce Vita Otel Hakkında Bilgi
<p>Nirvana Dolce Vita Otel, lüks seyahat seçenekleri arasında yer almaktadır. Otelin sunduğu olanaklar ve hizmetler ne kadar iyidir? İşte Nirvana Dolce Vita Otel incelemesindeki olumlu ve olumsuz yanları.</p>İyiler:
• Lüks odalar ve tesisler
• Mükemmel hizmet
•...

🔗 https://userreview.net/en/content/nirvana-dolce-vita-otel-klassa-lyuks-chto-ponravilos-i-chto-net

#Nirvana Dolce Vita Otel #Lüks Otel #Seyahat

do someone know if the installer of home asistant for x64, allow disk encryption (with potential tpm autounlock ?)

If not do you know a premade that allow it ?

(i ask because i need thread and matter (docker donc support it if i trust their doc), and i would like to maintain encryption on the OS that host it).

#homeassistant @homeassistant #tpm #tpm2 #luks #encryption

LUKS on a device with bad blocks - doable via GUI? #harddrive #luks #badblocks

https://askubuntu.com/q/1563464/612

fun with luks.
Add a FIDO2 device, it works. (Well actually not, me being too dumb adding a second line for the same disk does not count. I fixed it :)

Add another device, it works.
One for my son, one for me. Well I do like a fallback , shit happens. I lost a yubikey long time ago..
Ok backup for me. *boom* prompt for pin and after 2 digits.. systemd fails..
Ok, 3 is too much 🤔
#linux #luks #fido2

# when you forget everything about a USB drive
cd ~/.password-store; find . -type f -not -path '*/.*' | while read i; do pass ${i::-4} | sudo cryptsetup open /dev/sdb2 disk2 && { echo "$i"; break }; done
#writeonly #luks #pass #who_needs_john

Happy Data Protection Day!

20th anniversary online event: https://www.coe.int/web/data-protection/data-protection-day

#Data #DataProtection #DataPrivacy #Privacy #InfoSec #InformationSecurity #CyberSecurity #Encryption #E2EE #Security #PasswordManager #SelfHost #SelfHosted #SelfHosting #Linux #DataSovereignty #CouncilOfEurope #CoE #EDPS #EuropeanDataProtectionSupervisor #DPD #DPD2026 #OpenPGP #PGP #GnuPG #GPG #VeraCrypt #Tomb #LUKS #AES #P2P #VPN #LetsEncrypt #Argon2 #Tor #XMPP #OMEMO #TorBrowser #Tails #PrivacyBadger #JShelter

LUKS : l’alternative Linux à BitLocker pour un chiffrement vraiment souverain - Nouvel article sur legoutdulibre.com :

Chez Le Goût du Libre, nous accompagnons régulièrement des particuliers, des
https://magicfab.ca/2026/01/luks-lalternative-linux-a-bitlocker-pour-un-chiffrement-vraiment-souverain/
#ducation #Scurit #Ubuntu #Annonces #Debian #GNULinux #LogicielsLibres #chiffrement #cybersecurity #Debian #Encryption #Linux #loi25 #luks #Scurit #Ubuntu #bitlocker
via https://magicfab.ca/carnet

🔒 LUKS1 vs LUKS2: Linux encryption showdown! LUKS1 offers fixed headers & PBKDF2 for broad compatibility, while LUKS2 brings flexible JSON metadata, Argon2 KDF for brute-force resistance & better recovery. Which wins for your setup? Dive in: https://www.baeldung.com/linux/luks1-vs-luks2 #Linux #Encryption #LUKS #CyberSec

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops

https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/

Because, of course, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, and it looks like you need to pay for the privilege of having the Pro edition if you want to have the option of opting out.

Reject this BS. Use proper disk encryption! Or, even better, if you care about plausible deniability, use Shufflecake! https://shufflecake.net/

#shufflecake #truecrypt #veracrypt #microsoft #bitlocker #luks #security #privacy #fbi #surveillance

Just a little tips for anyone use LUKS to encrypt their root storage. Don't depend on a bluetooth keyboard because bluetooth connection has not established yet when you must insert LUKS passphrase.

It's okay to use wireless keyboard, but not the real bluetooth one.

#linux #luks #bluetooth #wireless

Adding an encrypted LUKS disk to a LUKS+LVM root filesystem? #boot #encryption #lvm #luks

https://askubuntu.com/q/1563133/612

Wish me luck!

#linux #geek #luks #homeServer

@utopify_org @opensourceopenmind

I use a #Librem5 as my daily phone:

- Full device disk encryption with #LUKS
- #PureMaps for navigation. GNOME Maps for looking, searching on a map. Both #OpenStreetMap based.
- WiFi just works
- In the past I used Mullvad VPN, but recently not tested any more.
- Synchronization via ssh/scp. I could very probably also use Nextcloud client, but did not test that.
- Signal Desktop
- #Fractal for #Matrix
- I use vim (mostly over ssh)

(1/2)

Во времена #EFI & #UEFI этот самый #GRUB уже и не нужен.
Во-первых, полно и других разнообразных UEFI boot manager'ов.

Во-вторых, не особо то они и нужны вообще как класс. Компьютер можно загружать и напрямую через EFI-stub ядра ОС, образы которых давно собираются как EFI-приложения (раз и два).
Т.е. надо идти в настройки UEFI материнской платы и смотреть загрузочные записи, хранящиеся в #NVRAM — дописывать туда все те параметры\аргументы, которые UEFI при старте компа будет подставлять в качестве аргументов командной строки. Так же как и GRUB или другой boot manager грузящий vmlinuz-файл.

Цивилизованный старт
Использовать то, что было известно как #gummiboot, а теперь стало называться #systemd-boot. Там вполне удобные текстовые файлы в /boot/loader/entries/... через которые можно передать нужные значения и аргументы в переменные. Например такие как используются для #LUKS разделов:

options	rd.luks.options=password-echo=no
options	rd.luks.data=UUID=/dev/disk/by-id/nvme-VENDOR-partN
options	rd.luks.name=UUID=my-enc-swap
options	resume=/dev/mapper/my-enc-swap
options	rd.luks.data=UUID2=/dev/disk/by-id/nvme-VENDOR-partY
options	rd.luks.name=UUID2=my-enc-root
options	root=/dev/mapper/my-enc-root

Your notebook is your weapon. Suspend fast. Hibernate before power runs out.

https://silentarchitect.org/2026/01/suspend-then-hibernate.html

#lvm #luks #hibernate #suspend #notebook #battery #systemd #suspendthenhibernate

Suspend then hibernate sounds simple, until LUKS and LVM enter the picture. Make it work without breaking your system. #linux #powermanagement #luks #lvm #hibernate #suspend

http://tomsitcafe.com/2026/01/14/suspend-then-hibernate-with-luks-and-lvm-a-practical-setup/

My efforts at enabling #TPM boot unlock of the root #LUKS volume to get me from two password entries to one backfired, somehow resulting in **three** password entries needed! Still not sure how I managed this, guess I must a genius of some sort. 🤓