Mount encrypted volumes from command line?


Hi Experts,

I have the need for inter-operating questions to find a way to mount a USB (FAT FORMATED) LUKS encrypted volume (created under Mandriva Linux OS) on MAC OS X.
Those LUKS encrypted volumes can easily be mounted on WINDOWS OS by FreeOTFE command-line driven.

Please don't dig around TRUECRUPT possible solutions to match my inter operating needs, because I have the need to work with LUKS encrypted volumes, and TRUECRYPT doesn't manage them.

Have already tried OSXCrypt solution that unfortunatly didn't succeed to mount LUKS encrypted volume under MAC OS X.

Trying hard to find a command-line way to attach a USB LUKS encrypted volume under MAC OS X, i request your help to bypass that problem.

Thanks in advance for your...

0 0

If you have lost or do not remember the passphrase you set, your data is just gone and there is nothing that can be done about it. Dont even ask.

NOTE: Since the Anaconda installer has been added to Sabayon iso's disk and/or partition encryption is simply a matter of enabling a check box during installation and adding a password. It's quite easy even for new users. You may also wish to read the following link: Hard Disk Encryption & boot options

For those wishing or needing to perform this from the command line continue reading the following:

Using LVM

If you are also using LVM then all of the steps found in that how-to EXCEPT issuing the mount command must be done first. The LVM must be prepped prior to your decrypting it. A change should also be noted that with LVM instead of decrypting something like /dev/sda3 you instead will find the volume to decrypt in /dev/mapper.

You will have to do this manually, as the script that is in place in the LVM...

0 0
/help or /? Display command line help. /volume or /v File and path name of a TrueCrypt volume to mount (do not use when dismounting). To mount a partition/device-hosted volume, use, for example,/v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run TrueCrypt and clickSelect Device). You can also mount a partition or dynamic volume using its volume name (for example,

/v \\?\Volume{5cceb196-48bf-46ab-ad00-70965512253a}\). To determine the volume name use e.g. mountvol.exe. Also note that device paths are case-sensitive.

/letter or /l Driver letter to mount the volume as. When /l is omitted and when /a is used, the first free drive letter is used. /explore or/e Open an Explorer window after a volume has been mounted. /beep or /b Beep after a volume has been successfully mounted or dismounted. /auto or /a If no parameter is specified, automatically mount the volume. If devices is specified as the parameter (e.g., /a devices), auto-mount all currently...
0 0

In the last days I played a bit with Slackware Linux on my netbook. But I play a bit too much and I had to recover some important files from my home folder but it is encrypted. The system wasn’t able to boot successfully. I had to boot from an usb-stick. But the problem was to decrypt the partition with my home folder.

H0nk3ym0nk3y wrote a post How to mount a LUKS encrypted partition on boot. But I had to do it manually and the solution is surprisingly easy:
The first step is to get the name of the encrypted partition, with the following command:

sample output:

/dev/sda2: UUID="VERY LONG NUMBER" TYPE="crypto_LUKS"

Now we know the name of the partition /dev/sda2. The next step is to open the partition and set up a mapping name:

cryptsetup luksOpen /dev/sda2/ crypthome

You have to enter the passphrase to decrypt the partition. Feel free to change the mapping name crypthome to whatever you want. The mapped partition is now available in...

0 0
Thanks for your post, solved my problem.

Why are you saying that you are not sure how to mount them? Your last line in the code box does exactly that.

More stuff for future reference:

If you have multiple disks with LVMs, for example the disk your OS is running on plus the USB disk you're trying to mount, then vgchange should get the volume name as an argument, for example:


sudo vgchange -a y testDiskVG1To un-do the whole thing, you need to unmount the logical volumes, then close the volume group and lastly close the encrypted partition. For example (using jerome1232's naming scheme):


sudo umount /media/root; sudo umount /media/home sudo vgchange -a n Ubuntu sudo cryptsetup luksClose cheer
Another little problem I had: both my built-in disk and the external one used the same name for the volume group. In this case it's impossible to activate the second volume group. Use vgdisplay to see what you have. Important are the...
0 0

Encrypting a volume in OS X Mountain Lion couldn’t be easier. In this article, we will look at three ways to encrypt OS X Lion volumes. The reason there are three ways is that booted volumes and non-booted volumes have different methods for enabling encryption. The third way to enable encryption on a volume is to do so through

Encrypting Attached Storage

For non-boot volumes, just control-click or right-click on them and then click on Encrypt “VOLUMENAME” where the name of the volume is in quotes.

Encrypting a Volume in Mountain Lion

When prompted, provide an encryption password for the volume, verify that password and if you so choose, provide a hint.

Setting an Encryption Password For a Volume in Mountain Lion

Once the encryption process has begun, the entry previously clicked on says Encrypting “VOLUMENAME” where the name of the volume is in quotes.

Viewing the Encryption Status in Mountain Lion


0 0


zuluMount-cli is a tool that has a primary mission of opening and closing encrypted volumes as well as mounting and unmounting unecrypted volumes and opened encrypted ones.Its primary purpose is to do what tools like udisks does.


usage: see examples below

-m -- mount a volume : arguments: -d volume_path -z mount_point -e mode(rw/ro)
-- additional arguments for crypto_LUKS,crypto_PLAIN,crypto_TCRYPT volumes, -p passphrase/-f keyfile
-z -- mount point component to append to "/run/media/private/$USER/"
-u -- unmount a volume: arguments: -d volume_path
-s -- print properties of an encrypted volume: arguments: -d volume_path
-o -- offset in sectors on where the volume starts in the volume.The volume is assumed to be plain type with this option
and the option must be given when -u or -s arguments are used with a volume opened with this option
-M -- this option...

0 0

Linux supports encrypted volumes with luks. When a luks encrypted volume is set up during installation to be booted from, the volume is already configured and set up. When an encrypted volume is set up afterwards, the volume remains locked until the volume is first accessed from the GUI file manager or is mounted manually.

Such a volume as described in Created luks encrypted partition on Linux Mint is not directly available during or after system startup. To mount an encrypted volume during system startup, a key needs to be available to the system to unlock and mount the volume. Usually this key is a password entered while creating the encrypted partition.

Create a key to unlock the volume

Luks encryption supports multiple keys. These keys can be passwords entered interactively or key files passed as an argument while unlocking the encrypted partition.

The following command will generate a file with 4 KB of random data to be used as a key to unlock the...

0 0

Let's say you've been using a Linux machine for either a desktop or a server. During the installation you opted to have the home directory encrypted and, at some point (for whatever reason) the system will no longer boot. Is that encrypted data lost? With a little bit of work, no. I want to walk you through the process of recovering the data from your encrypted home directory. This process will require a working Linux machine with the drive containing the encrypted home directory attached and mounted. Your best bet is to handle this process on the likes of one of the more recent Ubuntu releases, as it will ensure your drive is automatically mounted when you attach it. You will also need the encryption password you created to protect your home directory.

Locating the drive

With your drive attached to your working Linux machine, open up a terminal window and issue the command ls /media. You should see the Universal Unique Identifier (UUID) for the drive in question....

0 0

The pam_mount project lets you unlock an encrypted filesystem automatically when you log in. The same password used to log in is used as the key to unlock the encrypted filesystem, so you only need to type it once. Using this method, you can easily share a laptop and have only a single user's home directory unlocked and mounted when he logs in. And pam_mount can mount any filesystem, not just encrypted filesystems, so you can use it, for example, with an NFS share that you are interested in but which you might not like to leave mounted when you are not logged in.

We've written about other alternatives for providing encrypted filesystems, such as EncFS and Loop-AES, dm-crypt, and Cryptmount, but pam_mount makes the whole process seamless.

Last month the project made a major version jump from 0.49 to 1.2, so don't be too alarmed if your distribution is still offering older code. The distribution repositories for Fedora 9 include pam_mount and it is available as a...

0 0

I have a hard disk containing a TrueCrypt volume on /dev/sdc. It is formated with NTFS. I am running Ubuntu 9.4.

To mount the volume I tried this:

sudo truecrypt -t -k "" --protect-hidden=no /dev/sdc /mnt/data

After providing the correct password I get the following error:

Error: $LogFile indicates unclean shutdown (0, 0) Failed to mount '/dev/mapper/truecrypt1': Operation not supported Mount is denied because NTFS is marked to be in use. Choose one action: Choice 1: If you have Windows then disconnect the external devices by clicking on the 'Safely Remove Hardware' icon in the Windows taskbar then shutdown Windows cleanly. Choice 2: If you don't have Windows then you can use the 'force' option for your own responsibility. For example type on the command line: mount -t ntfs-3g /dev/mapper/truecrypt1 /mnt/data -o force Or add the option to the relevant row in the /etc/fstab file: /dev/mapper/truecrypt1 /mnt/data ntfs-3g force 0 0


0 0

I went into several paths from the previous answers and only combination of the previous answers worked for me. He what I did and what went OK, and what went wrong and my workaround.

I have an LUKS encrypted hard disk that I need to mount from a live boot USB for Ubuntu 15.10. To do so I started with the following command,

udisksctl unlock -b /dev/sda3

where sda3 is the encrypted partition. This command didn't work with me and I am not sure why, so I used the following command:

sudo cryptsetup luksOpen /dev/sda1 my_encrypted_volume

it worked with me and I didn't need to install it as it was there in the live boot.

Now, I need to mount the HD, and this was not a straight forward thing: I tried:

sudo mkdir /media/my_device sudo mount /dev/mapper/my_encrypted_volume /media/my_device

But the second command didn't work with me, and hence I have to find a work around which is the following:

sudo udisksctl mount -b /dev/mapper/ubuntu--vg-root


0 0
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Migrating from TrueCrypt to BitLocker:

If you have the system drive encrypted by TrueCrypt:

Decrypt the system drive (open System menu in TrueCrypt and select Permanently Decrypt System Drive). If you want to encrypt the drive by BitLocker before decryption, disable Trusted Platform Module first and do not decrypt the drive now. Encrypt the system drive by BitLocker. Open...
0 0


Create a new service

The client and daemon API must both be at least 1.24 to use this command. Use the docker version command on the client to check your client and daemon API versions.

This command works with the Swarm orchestrator.


docker service create [OPTIONS] IMAGE [COMMAND] [ARG...]


Parent command

Related commands

Extended description

Creates a service as described by the specified parameters. You must run this command on a manager node.


Create a service

$ docker service create --name redis redis:3.0.6 dmu1ept4cxcfe8k8lhtux3ro3 $ docker service create --mode global --name redis2 redis:3.0.6 a8q9dasaafudfs8q8w32udass $ docker service ls ID NAME MODE REPLICAS IMAGE dmu1ept4cxcf redis replicated 1/1 redis:3.0.6 a8q9dasaafud redis2 global 1/1 redis:3.0.6

Create a service using an image on a private registry

If your...

0 0

You specify the EBS volumes and instance store volumes for your instance using a block device mapping. Each entry in a block device mapping includes a device name and the volume that it maps to. The default block device mapping is specified by the AMI you use. Alternatively, you can specify a block device mapping for the instance when you launch it. All of the NVMe instance store volumes supported by an instance type are automatically added on instance launch; you do not need to add them to the block device mapping for the AMI or the instance. For more information, see Block Device Mapping.

A block device mapping always specifies the root volume for the instance. The root volume is mounted automatically.

You can use a block device mapping to specify additional EBS volumes when you launch your instance, or you can...

0 0
0 0

dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV (see disk encryption theory), in order to avoid watermarking attacks.[1] In addition to that, dm-crypt also addresses some reliability problems of cryptoloop.[2]

dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or as an LVM physical volume.

Some Linux distributions support the use of dm-crypt on the root file system. These distributions use initrd to prompt...

0 0
CommandDescriptionAppendThe append command can be used by programs to open files in another directory as if they were located in the current directory. The append command is available in MS-DOS as well as in all 32-bit versions of Windows. The append command is not available in 64-bit versions of Windows.ArpThe arp command is used to display or change entries in the ARP cache. The arp command is available in all versions of Windows.AssocThe assoc command is used to display or change the file type associated with a particular file extension. The assoc command is available in Windows 8, Windows 7, Windows Vista, and Windows XP.AtThe at command is used to schedule commands and other programs to run at a specific date and time. The at command is available in Windows 7, Windows Vista, and Windows XP. Beginning in Windows 8, command line task scheduling should instead be completed with the schtasks command.AtmadmThe atmadm command is used to display information related to asynchronous...
0 0