TheLinux Unified Key Setup (LUKS) is adisk encryption specification created by Clemens Fruhwirth in 2004 and originally intended forLinux.

LUKS implements a platform-independent standard on-disk format for use in various tools. This facilitates compatibility and interoperability among different programs and operating systems, and assures that they all implementpassword management in a secure and documented manner.^[1]

LUKS is used to encrypt ablock device. The contents of the encrypted device are arbitrary, and therefore any filesystem can be encrypted, includingswap partitions.^[2] There is an unencryptedheader at the beginning of an encrypted volume, which allows up to 8 (LUKS1) or 32 (LUKS2)encryption keys to be stored along with encryption parameters such as cipher type and key size.^[3][4]

The presence of this header is a major difference between LUKS anddm-crypt, since the header allows multiple different passphrases to be used, with the ability to change and remove them. If the header is lost or corrupted, the device will no longer be decryptable.^[5]

Encryption is done with a multi-layer approach. First, the block device is encrypted using amaster key. This master key is encrypted with each activeuser key.^[6] User keys are derived from passphrases,FIDO2 security keys,TPMs orsmart cards.^[7][8] The multi-layer approach allows users to change their passphrase without re-encrypting the whole block device. Key slots can contain information to verify user passphrases or other types of keys.

There are two versions of LUKS, with LUKS2 featuring resilience to header corruption, and using theArgon2key derivation function by default, whereas LUKS1 usesPBKDF2.^[9] Conversion between both versions of LUKS is possible in certain situations, but some features may not be available with LUKS1 such as Argon2.^[3] LUKS2 usesJSON as a metadata format.^[3][10]

Available cryptographic algorithms depend on individual kernel support of the host.Libgcrypt can be used as a backend for hashing, which supports all of its algorithms.^[11] It is up to the operating system vendor to choose the default algorithm.^[12] LUKS1 makes use of ananti-forensics technique called AFsplitter, allowing for securedata erasure and protection.^[13]

Logical Volume Management can be used alongside LUKS.^[14]

LVM on LUKS

When LVM is used on an unlocked LUKS container, all underlying partitions (which are LVM logical volumes) can be encrypted with a single key. This is akin to splitting a LUKS container into multiple partitions. The LVM structure is not visible until the disk is decrypted.^[15]

LUKS on LVM

When LUKS is used to encrypt LVM logical volumes, an encrypted volume can span multiple devices. The underlying LVM volume group is visible without decrypting the encrypted volumes.^[16]

A common usage of LUKS is to providefull disk encryption, which involves encrypting theroot partition of an operating system installation, which protects the operating system files from beingtampered with or read byunauthorized parties.^[14]

On a Linux system, theboot partition (/boot) may be encrypted if thebootloader itself supports LUKS (e.g.GRUB). This is undertaken to prevent tampering with theLinux kernel. However, thefirst stage bootloader or anEFI system partition cannot be encrypted (seeFull disk encryption#The boot key problem).^[14]

On mobile Linux systems,postmarketOS has developedosk-sdl to allow a full disk encrypted system to be unlocked using a touch screen.

For systems runningsystemd, thesystemd-homed component can be used to encrypt individualhome directories.^[17]

Thereference implementation for LUKS operates on Linux and is based on an enhanced version ofcryptsetup, usingdm-crypt as the disk encryption backend. UnderMicrosoftWindows, LUKS-encrypted disks can be used via theWindows Subsystem for Linux.^[18] (Formerly, this was possible with LibreCrypt,^[19] which currently has fundamental security holes,^[20][21] and which succeededFreeOTFE, formerly DoxBox.)

DragonFly BSD supports LUKS.^[22]

Several Linux distributions allow the root device to be encrypted upon OS installation. These installers includeCalamares,^[23]Ubiquity,^[24]Debian-Installer,^[25] and more.

LUKS headers are backward compatible; newer versions of LUKS are able to read headers of previous versions.^[26]

LUKS2 devices begin with a binary header intended to allow recognition and fast detection byblkid, which also contains information such aschecksums. All strings used in a LUKS2 header arenull-terminated strings. Directly after the binary header comes the JSON area, containing the objectsconfig (configuration),keyslots,digests,segments (describes encrypted areas on the disk), andtokens containing extra metadata.^[10]

The binary format for regularluks2 keyslots are mostly similar to their predecessor, with the addition of different per-keyslot algorithms. Another type of key exists to allow redundancy in the case that a re-encryption process is interrupted.^[10]

Cryptsetup is the reference implementation of the LUKS frontend.

To encrypt a device with the path/dev/sda1:

#cryptsetupluksFormat/dev/sda1

To unlock an encrypted device, wherename is themapped device name:

#cryptsetupopen/dev/sda1name

Re-encrypting a LUKS container can be done either with thecryptsetup tool itself, or with a legacy tool calledcryptsetup-reencrypt. These tools can also be used to add encryption to an existing unencrypted filesystem, or remove encryption from a block device.^[11][27]

Both methods have similar syntax:

#cryptsetupreencrypt/dev/sda1

#cryptsetup-reencrypt/dev/sda1

• Comparison of disk encryption software

• Official website
• Frequently Asked Questions (FAQ)
• LibreCrypt: Implementation for Windows
• LUKS1 Specification
• LUKS2 Specification

• Cryptographic software
• Disk encryption
• Linux security software

• CS1 errors: missing periodical
• Articles with short description
• Short description matches Wikidata
• Official website different in Wikidata and Wikipedia