LUKSbox — Source-available, FIDO2-native, post-quantum-ready encrypted containers.

7 min read Original article ↗

v0.1.1 - May 2026 Apache-2.0 Rust | source-available By Penthertz

Your Data. Your Rules.

Store sensitive files in the cloud, or on shared media without trusting the host. LUKSbox is a Rust-based encrypted-container tool with passphrase, FIDO2 (YubiKey, Titan, Nitrokey, Windows Hello), TPM 2.0, and hybrid post-quantum (ML-KEM-768 / 1024) keyslots. Mounts as a real drive on Linux, macOS, and Windows. By Penthertz.

Try fido2 setup · recovery · ml-kem keyslot

Authentication

Passphrase, FIDO2, TPM 2.0 (Linux only) & Windows Hello

Stack multiple keyslots per vault. Hardware-backed by default - passphrase is the fallback, not the front door. Verified on YubiKey 4/5, Google Titan v2, any CTAP2 device with hmac-secret, and any TPM 2.0 chip on Linux.

Cryptography

Hybrid post-quantum keyslots

ML-KEM-768 and ML-KEM-1024 (FIPS 203) combined via HKDF with classical Argon2id-, FIDO2-, or TPM-derived KEKs. Today's secrets stay secret when CRQCs arrive.

Cross-platform

Mounts as a real drive

Linux + macOS via FUSE, Windows via WinFsp. Same on-disk format everywhere. CLI, interactive TUI wizard, desktop GUI, and detached headers all over the same Container core.

Forensics

Investigate and partially recover damaged vaults

Built-in forensic toolkit: header-backup / header-restore (HMAC-verified), header-dump (decrypted JSON tree), check (per-chunk AEAD walk with exact offsets), and extract --tolerate-errors (zero-fills bad chunks instead of giving up). Same surface as cryptsetup luksHeaderBackup but with chunk-level inspection on top.

Where do you want to go?

Pick a path

01

Quickstart

Create your first encrypted container and mount it as a drive - in under 60 seconds.

Open

02

FIDO2 & Hello setup

Bind a hardware key or biometric to a vault keyslot. Per-platform walkthroughs.

Open

03

Post-quantum keyslots

Hybrid ML-KEM-768 / 1024 design, threat model, and when you should turn it on.

Open

04

TPM 2.0 keyslots

Bind a vault to the machine’s TPM. Optional PIN, fused TPM+FIDO2 mode, hybrid TPM+PQ. Linux today; Windows tracked.

Open

05

Three interfaces, one format

CLI for scripts, TUI wizard for guided flows, GUI for the desktop. Same vault, same on-disk bytes.

Open

06

Security tests

Regression suite, fuzzing harnesses, eight audit rounds. How to feed our corpus and find more attack angles.

Open

07

Recovery

Lost your YubiKey? Forgot the passphrase? TPM died? The recovery procedure, step by step.

Open

08

Forensics & partial recovery

Damaged header? Corrupted chunk? Use header-backup / header-restore / header-dump / check / extract –tolerate-errors to investigate and salvage what is still readable.

Open

09

Build from source

Compile LUKSbox yourself, run the test vectors, verify the published SHA-256.

Open

Quick answers

Frequently asked questions

If yours isn't here, open an issue on GitHub or reach out to Penthertz.

01 Is LUKSbox safe to use today?

It is a v1, and we are upfront about that. The on-disk format is locked, the cryptographic primitives are NIST/RFC standards built on RustCrypto, eight rounds of internal audit have shipped (with three real vulnerabilities found and fixed and 30M+ fuzz iterations across nine harnesses), and a workspace-wide audit of secret-memory handling landed in 2026-05. External paid audit and broader real-world deployment are the next milestones. The cloud-storage threat model, provider can’t read your data even under subpoena, is what it is built for and what it does today. The ‘compromised-host-after-unlock’ threat model is, and will remain, out of scope for any user-space tool. See the security architecture and the threat model.

02 What is LUKSbox actually for?

Storing sensitive files on places you do not fully trust: cloud storage (iCloud, Google Drive, Dropbox, OneDrive, S3, Backblaze), network shares and NAS units managed by someone else, USB sticks that travel, backup media that lives outside your physical reach. You encrypt locally with your keys, drop the resulting .lbx wherever, and mount it back as a real drive when you need it. The provider sees one opaque blob and cannot decrypt it even under legal compulsion. Read the comparison page for the head-to-head against provider encryption, LUKS2, VeraCrypt, age, gocryptfs, and BitLocker / FileVault.

03 Should LUKSbox be my only copy of an important file?

No. Use LUKSbox to make a secondary copy that is safe to share or store in places you don’t control (cloud sync, USB drive, vault sent to a colleague or client). Like any encrypted container, a .lbx is a single point of failure: if the file is corrupted, lost, or every keyslot becomes inaccessible, the data is gone. The forensic toolkit (header-backup, check, extract --tolerate-errors) helps in many damage scenarios but cannot recover bytes that are no longer on disk or no longer AEAD-tagged. Always keep an unencrypted copy somewhere you trust for any file you cannot afford to lose. See the Disclaimer for the no-warranty / no-liability details.

04 What if a single chunk is bit-flipped or the header is corrupted?

LUKSbox ships a forensic toolkit on par with cryptsetup’s luksHeaderBackup plus chunk-level inspection on top. luksbox check walks every chunk and pinpoints which one fails AEAD with file path + on-disk offset. luksbox extract --tolerate-errors salvages a file by zero-filling the bad chunks. luksbox header-backup saves the 8 KiB header before changes; luksbox header-restore reinstates a saved header (HMAC-verified by default to prevent attacker-substituted backups). luksbox header-dump emits the decrypted file tree as JSON for forensics. Full walkthrough on the Forensics page.

05 Is LUKSbox compatible with cryptsetup / LUKS2?

No. LUKSbox uses its own on-disk format (LBXVAULT magic, custom 8 KiB header) optimised for FIDO2 + TPM 2.0 + post-quantum keyslots and detached-header mode. The name borrows the LUKS spirit; the bytes are different. cryptsetup won’t read a LUKSbox vault, and LUKSbox won’t open a LUKS2 vault.

06 Why hybrid post-quantum and not pure ML-KEM?

Hybrid keyslots derive the wrap-KEK via HKDF-SHA256 over both an Argon2id-stretched passphrase (or FIDO2 hmac-secret) AND an ML-KEM shared secret. If either primitive breaks - classical or PQ - the other still protects the vault. The Kyber seed file lives on separate trusted storage so even disk + passphrase doesn’t unlock without the seed.

07 Does it work without a hardware key?

Yes - every vault can have a passphrase keyslot. FIDO2, Windows Hello, TPM 2.0, and hybrid-PQ are optional additional keyslots. You can mix any combination in the same vault.

08 How does it compare to VeraCrypt or LUKS2?

VeraCrypt has no hardware-key or post-quantum support. LUKS2 added FIDO2 via systemd-cryptenroll but no PQ and no TPM-as-a-keyslot. LUKSbox is built around all of those as first-class slot kinds, in memory-safe Rust, fully open source under Apache 2.0. See the comparison page and docs/PROJECT_OVERVIEW.md Sec.4 for the head-to-head.

09 How do I help find bugs?

We explicitly want external eyes on the fuzzing corpus and on the integration layer. The security tests page lists each fuzz target’s status, the regression suite, and four concrete contribution paths (corpus seeds, new fuzz harnesses, regression-test suggestions, AFL++ campaigns). Suspected vulnerabilities go to GitHub issues.

10 Is it open source?

Open source under the Apache License 2.0. You can read, audit, build, modify, redistribute, and use the source in any product including commercial ones that compete with LUKSbox. Apache 2.0 includes an explicit patent grant from every contributor, which matters for cryptography work. The Penthertz brand (the LUKSbox name and logo) is reserved via the trademark policy; see TRADEMARK.md - you can fork the code freely, you just can’t call your fork “LUKSbox”.