Custom Commands: Nuking cryptsetup keyslots

Question

Custom Commands: Nuking cryptsetup keyslots

HulaHoopWhonix opened this issue 9 years ago · 2 comments

I don't know if custom commands are supported but nuking cryptsetup keyslots would be a good option.

Answer 1 · 2016-09-01T22:08:33.000Z

EDIT:

On SSDs this won't be of value because wear levelling prevents proper erasure. Might make the feature not worth it. Or needs a disclaimer

Answer 2 · 2023-06-29T15:57:41.000Z

You can add custom commands in the .ini file.

The commands are
cryptsetup erase [] or
cryptsetup luksErase []

Be aware that there is no sanity check for this command. This will render your entire partition to be unrecoverable. The key is used to decrypt a certain part of the LUKS header to make sure that it is the correct key. Without this, it is theoretically or practically impossible to recover the true plaintext.