1CRYPTSETUP(8) Maintenance Commands CRYPTSETUP(8)
2
6 cryptsetup - setup cryptographic volumes for dm-crypt (including LUKS
7 extension)
8
10 cryptsetup <options> <action> <action args>
11
13 cryptsetup is used to conveniently setup dm-crypt managed device-mapper
14 mappings. For basic (plain) dm-crypt mappings, there are four opera‐
15 tions.
16
18 These strings are valid for <action>, followed by their <action args>:
19 create <name> <device>
21 creates a mapping with <name> backed by device <device>.
23 <options> can be [--hash, --cipher, --verify-passphrase, --key-
25 file, --key-size, --offset, --skip, --readonly]
26 remove <name>
28 removes an existing mapping <name>.
30 status <name>
32 reports the status for the mapping <name>.
34 resize <name>
36 resizes an active mapping <name>.
38 If --size (in sectors) is not specified, the size of the under‐
40 lying block device is used.
41
43 LUKS, Linux Unified Key Setup, is a standard for hard disk encryption.
44 It standardizes a partition header, as well as the format of the bulk
45 data. LUKS can manage multiple passwords, that can be revoked effec‐
46 tively and that are protected against dictionary attacks with PBKDF2.
47 These are valid LUKS actions:
49 luksFormat <device> [<key file>]
51 initializes a LUKS partition and sets the initial key, either
53 via prompting or via <key file>.
54 <options> can be [--cipher, --verify-passphrase, --key-size,
56 --key-slot, --key-file (takes precedence over optional second
57 argument), --keyfile-size, --use-random | --use-urandom,
58 --uuid].
59 luksOpen <device> <name>
62 opens the LUKS partition <device> and sets up a mapping <name>
64 after successful verification of the supplied key material
65 (either via key file by --key-file, or via prompting).
66 <options> can be [--key-file, --keyfile-size, --readonly].
68 luksClose <name>
70 identical to remove.
72 luksSuspend <name>
74 suspends active device (all IO operations are frozen) and wipes
76 encryption key from kernel. Kernel version 2.6.19 or later is
77 required.
78 After that operation you have to use luksResume to reinstate
80 encryption key (and resume device) or luksClose to remove mapped
81 device.
82 WARNING: never try to suspend device where is the cryptsetup
84 binary itself.
85 luksResume <name>
87 Resumes suspended device and reinstates encryption key. You will
89 need provide passphrase identical to luksOpen command (using
90 prompting or key file).
91 <options> can be [--key-file, --keyfile-size]
93 luksAddKey <device> [<new key file>]
95 add a new key file/passphrase. An existing passphrase or key
97 file (via --key-file) must be supplied. The key file with the
98 new material is supplied as a positional argument.
99 <options> can be [--key-file, --keyfile-size, --new-keyfile-
101 size, --key-slot].
102 luksRemoveKey <device> [<key file>]
104 remove supplied key or key file from LUKS device
106 luksKillSlot <device> <key slot number>
108 wipe key with number <key slot> from LUKS device. A remaining
110 passphrase or key file (via --key-file) must be supplied.
111 <options> can be [--key-file, --keyfile-size].
113 luksUUID <device>
115 print UUID, if <device> has a LUKS header.
117 set new UUID if --uuid option is specified.
119 isLuks <device>
121 returns true, if <device> is a LUKS partition. Otherwise, false.
123 luksDump <device>
125 dumps the header information of a LUKS partition.
127 If --dump-master-key option is used, the volume (master) key is
129 dumped instead of keyslot info. Because this information can be
130 used to access encrypted device without passphrase knowledge
131 (even without LUKS header) use this option very carefully.
132 Dump with volume key (either printed or stored to file) should
134 be always stored encrypted and on safe place.
135 LUKS passphrase or key file is required for volume key dump.
137 <options> can be [--dump-master-key, --key-file, --keyfile-
139 size].
140 luksHeaderBackup <device> --header-backup-file <file>
142 Stores binary backup of LUKS header and keyslot areas.
144 WARNING: Please note that with this backup file (and old
146 passphrase knowledge) you can decrypt data even if old
147 passphrase was wiped from real device.
148 Also note that anti-forensic splitter is not used during manipu‐
150 lation with backup file.
151 luksHeaderRestore <device> --header-backup-file <file>
153 Restores binary backup of LUKS header and keyslot areas from
155 specified file.
156 WARNING: All the keyslot areas are overwritten, only active
158 keyslots form backup file are available after issuing this com‐
159 mand.
160 This command allows restoring header if device do not contain
162 LUKS header or if the master key size and data offset in LUKS
163 header on device match the backup file.
164 For more information about LUKS, see http://code.google.com/p/crypt‐
166 setup/wiki/Specification
167
170 --verbose, -v
171 Print more verbose messages.
172 --debug
174 Run in debug mode with full diagnostic logs.
175 --hash, -h
177 For create action specifies hash to use for password hashing.
178 For luksFormat action specifies hash used in LUKS key setup
180 scheme and volume key digest.
181 WARNING: setting hash other than sha1 causes LUKS device incom‐
183 patible with older version of cryptsetup.
184 The hash string is passed to libgcrypt, so all hash algorithms
186 are supported (for luksFormat algorithm must provide at least 20
187 byte long hash). Default is set during compilation, compatible
188 values with old version of cryptsetup are "ripemd160" for create
189 action and "sha1" for luksFormat.
190 Use cryptsetup --help to show defaults.
192 --cipher, -c
194 set cipher specification string.
195 Default mode is configurable during compilation, you can see
197 compiled-in default using cryptsetup --help. If not changed,
198 the default is for plain dm-crypt and LUKS mappings "aes-cbc-
199 essiv:sha256".
200 For pre-2.6.10 kernels, use "aes-plain" as they don't understand
202 the new cipher spec strings. To use ESSIV, use "aes-cbc-
203 essiv:sha256".
204 For XTS mode, kernel version 2.6.24 or more recent is required.
206 Use "aes-xts-plain" cipher specification and set key size to 256
207 (or 512) bits (see -s option).
208 --verify-passphrase, -y
210 query for passwords twice. Useful when creating a (regular) map‐
211 ping for the first time, or when running luksFormat.
212 --key-file, -d
214 use file as key material.
215 With LUKS, key material supplied in key files via -d are always
217 used for existing passphrases, except in luksFormat action where
218 -d is equivalent to positional key file argument. If you want
219 to set a new key via a key file, you have to use a positional
220 arg to luksAddKey.
221 If the key file is "-", stdin will be used. With the "-" key
223 file reading will not stop when new line character is detected.
224 See section NOTES ON PASSWORD PROCESSING for more information.
225 --keyfile-size, -d value
227 Limits read from keyfile to value bytes. Usable together with
228 all comands using key file.
229 --new-keyfile-size value
231 Limits read from new keyfile to value bytes in luksAddKey when
232 adding new key file. Default is exhaustive read from key file.
233 --master-key-file
235 Use pre-generated master key stored in file. For luksFormat it
236 allows LUKS header reformatting with the same master key (if all
237 other parameters are the same existing encrypted data remains
238 intact).
239 For luksAddKey it allows adding new passphrase with only master
241 key knowledge.
242 --dump-master-key
244 For luksDump it allows LUKS header dump including volume (mas‐
245 ter) key. Use with care (this information allows access to
246 device without passphrase knowledge).
247 See luksDump for more info.
249 --use-random
251 --use-urandom
253 For luksFormat it defines which kernel random number generator
254 will be used for long-term key (volume key).
255 See NOTES ON RNG for more information. Use cryptsetup --help to
257 show default RNG.
258 --key-slot, -S
260 For LUKS operations that add key material, this options allows
261 to you specify which key slot is selected for the new key. This
262 option can be used for luksFormat and luksAddKey.
263 --key-size, -s
265 set key size in bits.
266 Has to be a multiple of 8 bits. The key size is limited by the
268 used cipher. See output of /proc/crypto for more information.
269 Can be used for create or luksFormat, all other LUKS actions
270 will use key-size specified by the LUKS header. Default is set
271 during compilation, if not changed it is 256 bits.
272 Use cryptsetup --help to show defaults.
274 --size, -b
276 force the size of the underlying device in sectors. This option
277 is only relevant for create and resize action.
278 --offset, -o
280 start offset in the backend device (in 512-byte sectors). This
281 option is only relevant for create action.
282 --skip, -p
284 how many sectors of the encrypted data to skip at the beginning.
285 This is different from the --offset options with respect to IV
286 calculations. Using --offset will shift the IV calculation by
287 the same negative amount. Hence, if --offset n, sector n will be
288 the first sector on the mapping with IV 0. Using --skip would
289 have resulted in sector n being the first sector also, but with
290 IV n. This option is only relevant for create action.
291 --readonly
293 set up a read-only mapping.
294 --iter-time, -i
296 The number of milliseconds to spend with PBKDF2 password pro‐
297 cessing. This option is only relevant to the LUKS operations as
298 luksFormat or luksAddKey.
299 --batch-mode, -q
301 Do not ask for confirmation. Use with care! This option is only
302 relevant for luksFormat, luksAddKey, luksRemoveKey or luksKill‐
303 Slot.
304 --timeout, -t
306 The number of seconds to wait before timeout. This option is
307 relevant every time a password is asked, like create, luksOpen,
308 luksFormat or luksAddKey. It has no effect if used in conjunc‐
309 tion with --key-file.
310 --tries, -T
312 How often the input of the passphrase shall be retried. This
313 option is relevant every time a password is asked, like create,
314 luksOpen, luksFormat or luksAddKey. The default is 3 tries.
315 --align-payload=value
317 Align payload at a boundary of value 512-byte sectors. This
318 option is relevant for luksFormat. If not specified, cryptsetup
319 tries to use topology info provided by kernel for underlying
320 device to get optimal alignment. If not available (or calcu‐
321 lated value is multiple of default) data is by default aligned
322 to 1 MiB boundary (2048 512-byte sectors).
323 --uuid=UUID
325 Use provided UUID in luksFormat command instead of generating
326 new one or change existing UUID in luksUUID command.
327 The UUID must be provided in standard UUID format (e.g.
329 12345678-1234-1234-1234-123456789abc).
330 --version
332 Show the version.
333
336 From a terminal: Password processing is new-line sensitive, meaning the
337 reading will stop after encountering \n. It will process the read mate‐
338 rial (without newline) with the default hash or the hash given by
339 --hash. After hashing, it will be cropped to the key size given by -s.
340 From stdin: Reading will continue until EOF (so using e.g. /dev/random
342 as stdin will not work), with the trailing newline stripped. After that
343 the read data will be hashed with the default hash or the hash given by
344 --hash and the result will be cropped to the keysize given by -s. If
345 "plain" is used as an argument to the hash option, the input data will
346 not be hashed. Instead, it will be zero padded (if shorter than the
347 keysize) or truncated (if longer than the keysize) and used directly as
348 the key. No warning will be given if the amount of data read from stdin
349 is less than the keysize.
350 From a key file: It will be cropped to the size given by -s. If there
352 is insufficient key material in the key file, cryptsetup will quit with
353 an error.
354 If --key-file=- is used for reading the key from stdin, no trailing
356 newline is stripped from the input. Without that option, cryptsetup
357 strips trailing newlines from stdin input.
358
360 LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898).
361 LUKS will always do an exhaustive password reading. Hence, password can
363 not be read from /dev/random, /dev/zero or any other stream that does
364 not terminate.
365 For any password creation action (luksAddKey, or luksFormat), the user
367 may specify how much the time the password processing should consume.
368 Increasing the time will lead to a more secure password, but also will
369 take luksOpen longer to complete. The default setting of one second is
370 sufficient for good security.
371
373 LUKS checks for a valid password or key when an encrypted partition is
374 unlocked. Thus the luksOpen action fails with invalid password or key,
375 contrary to the plain dm-crypt create action.
376 Please also be sure that you are using the same keyboard and language
378 setting as during device format.
379
381 The available combinations of ciphers, modes, hashes and key sizes
382 depend on kernel support. See /proc/crypto for a list of available
383 options. You might need to load additional kernel crypto modules in
384 order to get more options.
385 For --hash option all algorithms supported by gcrypt library are avail‐
387 able.
388
390 Mathematics can't be bribed. Make sure you keep your passwords safe.
391 There are a few nice tricks for constructing a fallback, when suddenly
392 out of (or after being) blue, your brain refuses to cooperate. These
393 fallbacks are possible with LUKS, as it's only possible with LUKS to
394 have multiple passwords.
395
397 Random Number Generator (RNG) used in cryptsetup always uses kernel RNG
398 without any modifications or additions to data stream procudes by ker‐
399 nel (like internal random pool operations or mixing with the other ran‐
400 dom sources).
401 There are two types of randomness cryptsetup/LUKS needs. One type
403 (which always uses /dev/urandom) is used for salt, AF splitter and for
404 wiping removed keyslot.
405 Second type is used for volume (master) key. You can switch between
407 using /dev/random and /dev/urandom here, see --use-random and --use-
408 urandom options. Using /dev/random on system without enough entropy
409 sources can cause luksFormat to block until the requested amount of
410 random data is gathered. See urandom(4) for more information.
411
413 cryptsetup is written by Christophe Saout <christophe@saout.de>
414 LUKS extensions, and man page by Clemens Fruhwirth <clemens@endor‐
415 phin.org>
416
418 The reload action is no longer supported. Please use dmsetup(8) if you
419 need to directly manipulate with the device mapping table.
420 The luksDelKey was replaced with luksKillSlot.
422
424 Report bugs to <dm-crypt@saout.de> or Issues section on LUKS website.
425 Please attach output of failed command with added --debug option.
426
428 Copyright © 2004 Christophe Saout
429 Copyright © 2004-2006 Clemens Fruhwirth
430 Copyright © 2009-2010 Red Hat, Inc.
431 This is free software; see the source for copying conditions. There is
433 NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
434 PURPOSE.
435
437 LUKS website, http://code.google.com/p/cryptsetup/
438cryptsetup CRYPTSETUP(8)