whatisgithub

What is luksbox?

penthertz/luksbox — explained in plain English

Analysis updated 2026-05-18

502RustAudience · developerComplexity · 3/5LicenseSetup · moderate

In one sentence

An open source Rust tool that creates encrypted vault files you can safely store on cloud storage or shared media, unlocked with a passphrase, hardware key, TPM, or post quantum keys.

Mindmap

mindmap
  root((LUKSbox))
    What it does
      Encrypted vault file
      Mounts as real drive
      Hides data from host
    Unlock methods
      Passphrase
      FIDO2 hardware key
      TPM chip
      Post quantum keys
    Tech stack
      Rust
    Audience
      Developers
      Security conscious users
    Status
      Pre-1.0
      Internally audited

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Store sensitive files on cloud storage like Dropbox or Google Drive without the provider being able to read them.

USE CASE 2

Encrypt a USB drive or shared media so the contents are unreadable if it is lost or handed to someone else.

USE CASE 3

Unlock an encrypted vault with a hardware security key or TPM chip instead of only a passphrase.

What is it built with?

Rust

How does it compare?

penthertz/luksboxopenabdev/openabgi-dellav/zerostack
Stars502480459
LanguageRustRustRust
Setup difficultymoderatemoderateeasy
Complexity3/53/52/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Pre-1.0 software without an independent third-party security audit yet, treat vaults as a travelling copy, not your only copy of important data.

Use freely for any purpose, including commercial use, as long as you keep the copyright and license notices.

So what is it?

LUKSbox is an open source encrypted vault tool that lets you store sensitive files in cloud storage, on USB drives, or other shared media without having to trust whoever controls that storage. The core idea is simple: you create a single encrypted container file, ending in .lbx, on your own machine, and that file gets uploaded to Dropbox, Google Drive, iCloud, or wherever you want. The cloud provider only ever sees a blob of random looking data. They cannot read it, and neither can anyone who later demands access from them. The vault mounts as a real drive on Linux, macOS, and Windows, so once unlocked you drag files in and out like normal. Unlocking requires one of several keyslots: a passphrase, a physical security key such as a YubiKey or Titan Key using the FIDO2 standard, a TPM chip built into a computer, or a hybrid approach that also uses post quantum encryption, ML-KEM-768 or ML-KEM-1024, to protect against future quantum computers that could break today's encryption. The vault header can be stored in a separate file on different storage, making the main container file completely opaque with no identifiable metadata. The project is built in Rust, released under the Apache 2.0 open source license, and is currently in pre 1.0 status. The on-disk format is described as locked, the cryptographic algorithms are established NIST and RFC standards, and the README reports 9 internal audit rounds plus more than 30 million fuzz test iterations, though an independent third party audit has not yet been completed. The README is explicit that a LUKSbox vault should be a travelling copy of data, not the only copy, since a corrupted container or lost keys means the data cannot be recovered.

Copy-paste prompts

Prompt 1
Explain how a LUKSbox vault keeps a cloud storage provider from reading my files, even under a legal request.
Prompt 2
Walk me through creating and mounting a LUKSbox vault using a passphrase and a FIDO2 hardware key.
Prompt 3
What does post quantum encryption mean here, and why would I want a hybrid ML-KEM keyslot?
Prompt 4
What happens if my LUKSbox vault file gets corrupted, and how should I back it up safely?

Frequently asked questions

What is luksbox?

An open source Rust tool that creates encrypted vault files you can safely store on cloud storage or shared media, unlocked with a passphrase, hardware key, TPM, or post quantum keys.

What language is luksbox written in?

Mainly Rust. The stack also includes Rust.

What license does luksbox use?

Use freely for any purpose, including commercial use, as long as you keep the copyright and license notices.

How hard is luksbox to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is luksbox for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.