pmt-ehd(8)                         pam_mount                        pmt-ehd(8)

Name

       pmt-ehd - create an encrypted disk image

Syntax

       pmt-ehd [-DFx] [-c fscipher] [-h digest] [-i cipher] [-k fscipher_keybits]
       [-t fstype] -f container_path -p fskey_path -s size_in_mb

Options

       Mandatory options that are absent are asked for interactively; pmt-ehd
       will exit if stdin is not a terminal.

       -D     Turn on debugging strings.

       -F     Force operation that would otherwise ask for interactive
              confirmation. Multiple -F can be specified to apply more force.

       -c cipher
              The cipher to be used for the filesystem. This can take any
              value that cryptsetup(8) recognizes, usually in the form of
              "cipher-mode[-extras]". Recommended are aes-cbc-essiv:sha256
              (this is the default) or blowfish-cbc-essiv:sha256.

       -f path
              Store the new disk image at path. If the file already exists,
              pmt-ehd will prompt before overwriting unless -F is given. If
              path refers to a symlink, pmt-ehd will act even more cautiously.

       -h digest
              Digest used for fskey derivation from the password. This can
              take any value that OpenSSL recognizes. The default is sha1.

       -i cipher
              Cipher used for the filesystem key (not the encrypted filesystem
              itself). This can take any value that OpenSSL recognizes,
              usually in the form of "cipher-keysize-mode". Recommended is
              aes-256-cbc (this is the default).

       -k keybits
              The keysize for the cipher specified with -c. Some ciphers
              support multiple keysizes; AES, for example, is available with
              at least the keysizes 192 and 256. Example:
              -c aes-cbc-essiv:sha256 -k 192.

       -p path
              Store the filesystem key at path. The filesystem key is the
              ultimate key to open the encrypted filesystem, and the fs key
              itself is encrypted with your password.

       -s size
              The initial size of the encrypted filesystem, in megabytes. This
              option is ignored when the filesystem is created on a block
              device.

       -t fstype
              Filesystem to use for the encrypted filesystem. Defaults to xfs.

       -u user
              Give the container and fskey files to user (because the program
              usually runs as root, and the files would otherwise retain
              root ownership).

       -x     Do not initialize the container with random bytes. This may
              impact secrecy.

Description

       pmt-ehd can be used to create a new encrypted container, and replaces
       the previous mkehd script as well as any HOWTOs that explain how to do
       it manually. Without any arguments, pmt-ehd will interactively ask for
       all missing parameters. To create a container with a size of 256 MB,
       use:

       pmt-ehd -f /home/user.key -p /home/user.enc -s 256
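
       A pre-flight wrapper for the options documented above, as an added
       example that is not part of pam_mount or of this manual page. The
       function name pmt_ehd_cmdline, its exit codes and the choice of
       -h sha256 and -k 256 are assumptions of the example; it only prints
       the command line for review and never passes -F or -x.

```shell
#!/bin/sh
# Added example (not from pam_mount): validate the arguments, then print a
# pmt-ehd command line with every cipher/digest choice spelled out.
# Function name, exit codes and policy choices are this example's assumptions.

pmt_ehd_cmdline() {
    container=$1 fskey=$2 size_mb=$3 owner=$4

    # -s takes megabytes: accept a positive whole number only.
    case $size_mb in
        ''|*[!0-9]*|0*)
            echo "size must be a positive integer (MB)" >&2; return 2 ;;
    esac

    # -f (container) and -p (fskey) must be two different files.
    if [ "$container" = "$fskey" ]; then
        echo "container and fskey path must differ" >&2; return 2
    fi

    # pmt-ehd prompts before overwriting and is more cautious with symlinks;
    # this wrapper is stricter and refuses both cases up front.
    for p in "$container" "$fskey"; do
        if [ -L "$p" ] || [ -e "$p" ]; then
            echo "refusing to reuse existing path: $p" >&2; return 3
        fi
    done

    # -F is omitted so interactive confirmation stays on; -x is omitted so the
    # container is still initialized with random bytes.
    # Assumed policy: -h sha256 instead of the sha1 default, -k 256 for AES.
    # The line is printed for review, not quoted for re-parsing by a shell.
    printf 'pmt-ehd -c %s -k %s -h %s -i %s -t %s -u %s -f %s -p %s -s %s\n' \
        aes-cbc-essiv:sha256 256 sha256 aes-256-cbc xfs \
        "$owner" "$container" "$fskey" "$size_mb"
}
```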

pam_mount                         2008-09-16                        pmt-ehd(8)