Crate luks2[][src]

Expand description

This crate defines data structures to interact with a LUKS2 partition.

See the examples/ folder for how to use this with a real partition or an .iso file on Linux and Windows (all examples need to be modified or require creating some files before they work correctly).

You’ll probably want to compile in release mode most of the time, or else the master key extraction (which happens everytime a LuksDevice is created) will take quite a long time.


Recover information that was split antiforensically.

Custom error types.

Password input.


Global attributes for the LUKS device.

A struct representing a LUKS device.

A LUKS2 header as described here.

The LUKS2 user data integrity protection type, an experimental feature which is only included for parsing compatibility.

JSON metadata for the device as described here.

A token is an object that can describe how to get a passphrase to unlock a particular keyslot. It can also contain additional user-defined JSON metadata. No token types are implemented; this is only included for parsing compatibility.


An anti-forensic splitter of a LuksKeyslot. See the LUKS1 spec for more information.

Information on the allocated area in the binary keyslots area of a LuksKeyslot.

A digest is used to verify that a key decrypted from a keyslot is correct. Digests are assigned to keyslots and segments. If it is not assigned to a segment, then it is a digest for an unbound key. Every keyslot must have one assigned digest. The key digest also specifies the exact key size for the encryption algorithm of the segment.

Stores information on the PBKDF type and parameters of a LuksKeyslot.

A keyslot contains information about stored keys – areas, where binary keyslot data are located, encryption and anti-forensic function used, password-based key derivation function (PBKDF) and related parameters.

The priority of a LuksKeyslot.

A segment contains a definition of encrypted areas on the disk containing user data (in LUKS1 mentioned as the user data payload). For a normal LUKS device, there ist only one data segment present.

The size of a LuksSegment.


Type Definitions