Categorygithub.com/anatol/luks.go
modulepackage
0.0.0-20250316021219-8cd744c3576f
Repository: https://github.com/anatol/luks.go.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
31
Dependents
3
Files
1.2k SLOC

# README

Pure Go library for LUKS volume management

luks.go is a pure-Go library that helps to deal with LUKS-encrypted volumes.

Currently, this library is focusing on the read-only path i.e. unlocking a partition without doing any modifications to LUKS metadata header.

Here is an example that demonstrates the API usage:

dev, err := luks.Open("/dev/sda1")
if err != nil {
  // handle error
}
defer dev.Close()

// set LUKS flags before unlocking the volume
if err := dev.FlagsAdd(luks.FlagAllowDiscards); err != nil {
    log.Print(err)
}

// UnsealVolume+SetupMapper is equivalent of `cryptsetup open /dev/sda1 volumename`
volume, err = dev.UnsealVolume(/* slot */ 0, []byte("password"))
if err == luks.ErrPassphraseDoesNotMatch {
    log.Printf("The password is incorrect")
} else if err != nil {
    log.Print(err)
} else {
    err := volume.SetupMapper("volumename")
    // at this point system should have a file `/dev/mapper/volumename`.
}

// equivalent of `cryptsetup close volumename`
if err := luks.Lock("volumename"); err != nil {
    log.Print(err)
}

License

See LICENSE.

# Packages

No description provided by the author

# Functions

Lock closes device mapper partition with the given name.
Open reads LUKS headers from the given partition and returns LUKS device object.

# Constants

List of options handled by luks.go API.
supported at Linux 5.9 or newer.
supported at Linux 5.9 or newer.
List of options handled by luks.go API.
List of options handled by luks.go API.

# Variables

ErrPassphraseDoesNotMatch is an error that indicates provided passphrase does not match.

# Structs

Token represents LUKS token metadata information.
Volume represents information provided by an unsealed (i.e.

# Interfaces

Device represents LUKS partition data.