Add Cryptsetup guide to encryption

content/notes/ready/encryption.md

@@ -23,6 +23,8 @@ showToc: true
 
 ## GPG
 
+GPG uses asymmetric encryption to sign, encrypt and decrypt files.
+
 ### Create a Set of Keys
 
 ```Shell
@@ -115,3 +117,102 @@ gpg --output private.pgp --armor --export-secret-keys email@example.com
 gpg --list-keys # Same as gpg -k
 gpg --list-secret-keys
 ```
+
+## Cryptsetup
+
+Cryptsetup manages encrypted volumes using the LUKS standard. It allows you to create, open, and control encrypted partitions or file-based containers.
+
+### Encrypted File Container
+
+```Shell
+dd if=/dev/zero of=encrypted.img bs=1M count=100 # Create a 100M container
+# Format the file as a LUKS encrypted volume
+sudo cryptsetup luksFormat encrypted.img 
+sudo cryptsetup luksOpen encrypted.img encryptedVolume  # Open the container
+# Format the volume with an ext4 filesystem
+sudo mkfs.ext4 /dev/mapper/encryptedVolume
+```
+
+#### Mount
+
+```Shell
+sudo mount /dev/mapper/encryptedVolume /mnt/encrypted
+```
+
+#### Unmount
+
+```Shell
+sudo umount /mnt/encrypted
+sudo cryptsetup luksClose encryptedVolume  # Close the encrypted container
+```
+
+### Encrypted Storage Devices
+
+A Storage Device can be a USB drive, disk, SD card, etc...
+
+> If you have access to a desktop environment, you can use the GNOME Disks APP, for example, to create an encrypted partition.
+
+#### Prepare the Device
+
+1. If your device is mounted, unmount all mount points before continuing:
+
+```sh
+lsblk # List the storage devices available
+sudo umount <mount_point>
+```
+
+2. Populate the partition with random data to avoid pattern-based encryption attacks: (optional)
+
+> This process will WIPE the device and overwrite all data on it! Make sure to back up your files before proceeding.
+
+```sh
+# Slow, but more random values
+sudo dd if=/dev/urandom of=/dev/sdX bs=4K status=progress
+
+# Faster solution, but not as random
+sudo badblocks -c 10240 -s -w -t random -v /dev/sdX
+```
+
+3. Prepare the partition to encrypt:
+
+In this example, the whole device will be erased and encrypted, but you can also create a separate partition to encrypt, instead of the entire device.
+
+```sh
+# Clear all partitions
+echo ",,;" | sudo sfdisk /dev/sdX
+```
+
+#### Encrypt the Partition
+
+First, the partition must be formatted with Linux Unified Key Setup (LUKS). LUKS stores metadata at the beginning of the partition which contain the type of encryption and a randomly generated key, encrypted with the passphrase provided to `luksFormat`.
+
+It's recommended to use at least 3 random words as the passphrase.
+
+```sh
+# Format the device
+sudo cryptsetup luksFormat /dev/sdX1
+# Create a virtual device to manage the encrypted device
+sudo cryptsetup luksOpen /dev/sdX1 myusb
+# Format the partition using the encrypted device created earlier.
+sudo mkfs.ext4 /dev/mapper/myusb -L <label>
+sudo cryptsetup luksClose myusb # Close the device
+```
+
+After performing these steps, you may disconnect the drive.
+
+#### Accessing the Device
+
+When connected the device, your file manager should prompt you for a password. If you are not using a desktop environment, you might have to mount it yourself:
+
+```sh
+sudo cryptsetup luksOpen /dev/sdX1 myusb  
+sudo mkdir -p /media/myusb  
+sudo mount /dev/mapper/myusb /media/myusb
+```
+
+Then, to unmount:
+
+```sh
+sudo umount /media/myusb  
+sudo cryptsetup luksClose myusb
+```

content/notes/ready/wsl2.md

@@ -56,7 +56,7 @@ sudo install -o ${USER} -g ${USER} -d "/home/.${USER}"
 
 Next, the file has to be populated. Usually, `EXT4` filesystems use 4kB block sizes. With this in mind, use the following formula to determine the number of blocks needed to fill the disk, where x is the result and y is the amount of space, in GB, that you want the disk to occupy.  
 
-$$x = y * 1024^2 / 4$$
+`x = y * 1024^2 / 4`
 
 ```Bash
 dd if=/dev/zero of="/home/.${USER}/disk.img" bs=4k count=<X> # Replace <X> with the result.