April 2024 | ||||||
Mo | Tu | We | Th | Fr | Sa | Su |
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 | 12 |
cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings.
create <name> <device>
<options> can be [--hash, --cipher, --verify-passphrase, --key-file, --key-size, --offset, --skip, --size, --readonly, --shared, --allow-discards]
remove <name>
status <name>
resize <name>
If --size (in sectors) is not specified, the size of the underlying block device is used.
Each password, usually called a key in this document, is associated with a slot, of which there are typically 8. Key operations that do not specify a slot affect the first slot matching the supplied key.
These are valid LUKS actions:
luksFormat <device> [<key file>]
<options> can be [--cipher, --verify-passphrase, --key-size, --key-slot, --key-file (takes precedence over optional second argument), --keyfile-size, --use-random | --use-urandom, --uuid].
luksOpen <device> <name>
<options> can be [--key-file, --keyfile-size, --readonly, --allow-discards, --header, --key-slot].
luksClose <name>
luksSuspend <name>
After that operation you have to use luksResume to reinstate encryption key (and resume device) or luksClose to remove mapped device.
WARNING: never try to suspend device where is the cryptsetup binary itself.
<options> can be [--header].
luksResume <name>
<options> can be [--key-file, --keyfile-size, --header]
luksAddKey <device> [<new key file>]
<options> can be [--key-file, --keyfile-size, --new-keyfile-size, --key-slot].
luksRemoveKey <device> [<key file>]
luksChangeKey <device> [<new key file>]
If no key slot is specified (and there is still free key slot on device) new slot is allocated before the old is purged.
If --key-slot option is specified (or there is no free slot) command will overwrite existing slot.
WARNING: Be sure you have another slot active or header backup when using explicit key slot (so you can unlock the device even after possible media failure during slot swap).
<options> can be [--key-file, --keyfile-size,--new-keyfile-size, --key-slot].
luksKillSlot <device> <key slot number>
<options> can be [--key-file, --keyfile-size].
luksUUID <device>
set new UUID if --uuid option is specified.
isLuks <device>
luksDump <device>
If --dump-master-key option is used, the volume (master) key is dumped instead of keyslot info.
Because this information can be used to access encrypted device without passphrase knowledge (even without LUKS header) use this option very carefully.
Dump with volume key (either printed or stored to file) should be always stored encrypted and on safe place.
LUKS passphrase or key file is required for volume key dump.
<options> can be [--dump-master-key, --key-file, --keyfile-size].
luksHeaderBackup <device> --header-backup-file <file>
WARNING: Please note that with this backup file (and old passphrase knowledge) you can decrypt data even if old passphrase was wiped from real device.
Also note that anti-forensic splitter is not used during manipulation with backup file.
luksHeaderRestore <device> --header-backup-file <file>
WARNING: All the keyslot areas are overwritten, only active keyslots form backup file are available after issuing this command.
This command allows restoring header if device do not contain LUKS header or if the master key size and data offset in LUKS header on device match the backup file.
For more information about LUKS, see http://code.google.com/p/cryptsetup/wiki/Specification
loopaesOpen <device> <name> --key-file <keyfile>
N.B. If key file is in GPG encrypted format, you have to use --key-file=- and decrypt it before use. gpg --decrypt <keyfile> | cryptsetup loopaesOpen --key-file=- <device> <name>
Use --key-file to specify proper key length, default compiled-in parameters are visible in --help output.
Use --offset to specify device offset. Note the units need to be specified in 512 bytes sectors.
Use --skip to specify IV offset. If original device used offset and not used it in IV sector calculations, you have to explicitly use --skip 0 in addition to offset parameter.
Use --hash to override hash function for password hashing (otherwise it is detected according to key size).
<options> can be [--key-file, --key-size, --offset, --skip, --hash, --readonly, --allow-discards].
loopaesClose <name>
For more information about loop-AES, see http://loop-aes.sourceforge.net
For luksFormat action specifies hash used in LUKS key setup scheme and volume key digest.
WARNING: setting hash other than sha1 causes LUKS device incompatible with older version of cryptsetup.
The hash string is passed to libgcrypt, so all hash algorithms are supported (for luksFormat algorithm must provide at least 20 byte long hash). Default is set during compilation, compatible values with old version of cryptsetup are "ripemd160" for create action and "sha1" for luksFormat.
Use cryptsetup --help to show defaults.
Default mode is configurable during compilation, you can see compiled-in default using cryptsetup --help. If not changed, the default is for plain dm-crypt and LUKS mappings "aes-cbc-essiv:sha256".
For XTS mode, kernel version 2.6.24 or more recent is required. Use "aes-xts-plain64" cipher specification and set key size to 256 (or 512) bits (see -s option). Note that plain64 IV (Initialization Vector) is available since kernel version 2.6.33 and it is full 64bit version of plain IV. For more info please see FAQ.
With LUKS, key material supplied in key files via -d are always used for existing passphrases, except in luksFormat action where -d is equivalent to positional key file argument.
If you want to set a new key via a key file, you have to use a positional arg to luksAddKey.
If the key file is "-", stdin will be used. With the "-" key file reading will not stop when new line character is detected.
See section NOTES ON PASSWORD PROCESSING for more information.
For luksAddKey it allows adding new passphrase with only master key knowledge.
See luksDump for more info.
See NOTES ON RNG for more information. Use cryptsetup --help to show default RNG.
Has to be a multiple of 8 bits. The key size is limited by the used cipher.
See output of /proc/crypto for more information.
Can be used for create or luksFormat, all other LUKS actions will use key-size specified by the LUKS header. Default is set during compilation, if not changed it is 256 bits.
Use cryptsetup --help to show defaults.
If not specified, cryptsetup tries to use topology info provided by kernel for underlying device to get optimal alignment. If not available (or calculated value is multiple of default) data is by default aligned to 1 MiB boundary (2048 512-byte sectors).
For detached LUKS header it specifies offset on data device. See also --header option.
The UUID must be provided in standard UUID format (e.g. 12345678-1234-1234-1234-123456789abc).
WARNING: Assess the specific security risks carefully before enabling this option. For example, allowing discards on encrypted devices may lead to the leak of information about the ciphertext device (filesystem type, used space etc.) if the discarded blocks can be located easily on the device later.
Kernel version 3.1 or more recent is required. For older versions is the option ignored.
This options allows separation of ciphertext device and on-disk metadata header.
This option is only relevant for LUKS devices and can be used in luksFormat, luksOpen, luksSuspend, luksResume and resize commands.
If used with luksFormat the --align-payload option is taken as absolute sector alignment on ciphertext device and can be zero.
For other commands with separated metadata device you have to always specify path to metadata device (not to the ciphertext device).
WARNING: There is no possible check that specified ciphertext device is correct if on-disk header is detached. Use with care.
Error codes are: 1 wrong parameters, 2 no permission (bad passphrase), 3 out of memory, 4 wrong device specified, 5 device already exists or device is busy.
From stdin: Reading will continue until EOF (or until maximum input size is reached), with the trailing newline stripped. The maximum input size is defined by the same compiled-in default as for the maximum key file size or can be overwrittten using --keysfile-size option.
After that the read data will be hashed with the default hash or the hash given by --hash and the result will be cropped to the keysize given by -s.
If "plain" is used as an argument to the hash option, the input data will not be hashed. Instead, it will be zero padded (if shorter than the keysize) or truncated (if longer than the keysize) and used directly as the key. No warning will be given if the amount of data read from stdin is less than the keysize.
From a key file: It will be cropped to the size given by -s. If there is insufficient key material in the key file, cryptsetup will quit with an error.
If --key-file=- is used for reading the key from stdin, no trailing newline is stripped from the input. Without that option, cryptsetup strips trailing newlines from stdin input.
LUKS will always do an exhaustive password reading. Hence, password can not be read from /dev/random, /dev/zero or any other stream that does not terminate. To prevent exhausting of system memory, cryptsetup limits maximum key file size. Compiled-in default is displayed in --help output. You can limit reads from key file using --key-size option, this option takes precedence over compiled-in default.
For any password creation action (luksAddKey, or luksFormat), the user may specify how much the time the password processing should consume. Increasing the time will lead to a more secure password, but also will take luksOpen longer to complete. The default setting of one second is sufficient for good security.
Please also be sure that you are using the same keyboard and language setting as during device format.
For --hash option all algorithms supported by gcrypt library are available.
There are two types of randomness cryptsetup/LUKS needs. One type (which always uses /dev/urandom) is used for salt, AF splitter and for wiping removed keyslot.
Second type is used for volume (master) key. You can switch between using /dev/random and /dev/urandom here, see --use-random and --use-urandom options. Using /dev/random on system without enough entropy sources can cause luksFormat to block until the requested amount of random data is gathered. See urandom(4) for more information.
When device mapping is active, you can see loop backing file in status command output. Also see losetup(8).
The reload action is no longer supported. Please use dmsetup(8) if you need to directly manipulate with the device mapping table.
The luksDelKey was replaced with luksKillSlot.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.