pmt-ehd(8) pam_mount pmt-ehd(8)

pmt-ehd - create an encrypted disk image

pmt-ehd [-DFx] [-c fscipher] [-h hash] [-k fscipher_keybits] [-t fstype] -f container_path -s size_in_mb

Mandatory options that are absent are asked for interactively, and pmt-ehd will exit if stdin is not a terminal.

-D Turn on debugging strings.

-F Force operation that would otherwise ask for interactive confirmation. Multiple -F can be specified to apply more force.

-c cipher
The cipher to be used for the filesystem. This can take any value that cryptsetup(8) recognizes, usually in the form of "cipher-mode[-extras]". Recommended are aes-cbc-essiv:sha256 (this is the default) or aes-xts-essiv:sha256.

-f path
Store the new disk image at path. If the file already exists, pmt-ehd will prompt before overwriting unless -F is given. If path refers to a symlink, pmt-ehd will act even more cautiously.

-h hash
Message digest/hash used for key derivation in the PBKDF2 stage. The default is sha512.

-i cipher
(This option was removed in pam_mount/pmt_ehd 2.11.)

-k keybits
The key size for the cipher specified with -c. Some ciphers support multiple key sizes; AES, for example, is available with at least the key sizes 192 and 256. Defaults to 256 (to match aes-cbc-essiv). Note that XTS uses two keys, but drawn from the same key material, so aes-cbc-256 is equivalent to aes-xts-512, and aes-cbc-128 to aes-xts-256.

-p path
(This option was removed in pam_mount/pmt_ehd 2.11.)

-s size
The initial size of the encrypted filesystem, in megabytes. This option is ignored when the filesystem is created on a block device.

-t fstype
Filesystem to use for the encrypted filesystem. Defaults to xfs.

-u user
Give the container and fskey files to user (because the program usually runs as root, and the files would otherwise retain root ownership).

-x Do not initialize the container with random bytes. This may impact secrecy.

Description
pmt-ehd can be used to create a new encrypted container, and replaces the previous mkehd script as well as any HOWTOs that explain how to do it manually. Without any arguments, pmt-ehd will interactively ask for all missing parameters. To create a container with a size of 256 MB, use:

    pmt-ehd -f /home/user.cont -s 256

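An added example (not part of pam_mount or of this manual page): a POSIX shell wrapper that checks its arguments before calling pmt-ehd. It always supplies -f and -s, refuses symlinks and existing files instead of reaching for -F, and derives -k from the AES strength wanted so that an XTS cipher is not left with half-length keys. The function names, the PMT_EHD override variable and the restriction to file-backed AES containers are assumptions of this example.

```shell
#!/bin/sh
# Added example, not pam_mount code: preflight checks before calling pmt-ehd.
# PMT_EHD (hypothetical variable) can name a stand-in command for a dry run.
PMT_EHD=${PMT_EHD:-pmt-ehd}

# ehd_keybits CIPHER AES_BITS -> prints the value to pass as -k.
# XTS draws two keys from the key material, so it needs twice the bits
# of the AES strength wanted; other aes-* modes use the strength directly.
ehd_keybits() {
    case $2 in 128|192|256) ;; *) echo "bad AES key size: $2" >&2; return 1 ;; esac
    case $1 in
        aes-xts-*) echo $(( $2 * 2 )) ;;
        aes-*)     echo "$2" ;;
        *)         echo "only aes-* ciphers are handled here: $1" >&2; return 1 ;;
    esac
}

# create_ehd PATH SIZE_MB [CIPHER] [AES_BITS] [OWNER]
# e.g. create_ehd /home/user.cont 256 aes-xts-essiv:sha256 256 user
create_ehd() {
    path=$1 size=$2 cipher=${3:-aes-cbc-essiv:sha256} aes_bits=${4:-256} owner=${5:-}

    # Always pass -f and -s so pmt-ehd never has to prompt for them.
    case $path in '') echo "container path is required" >&2; return 2 ;; esac
    case $size in ''|*[!0-9]*|0*) echo "size must be whole megabytes" >&2; return 2 ;; esac

    # Fail closed instead of using -F: no symlinks, no overwrites.
    # (Assumption: file-backed containers only, so an existing path is an error.)
    if [ -L "$path" ]; then echo "refusing symlink: $path" >&2; return 3; fi
    if [ -e "$path" ]; then echo "refusing to overwrite: $path" >&2; return 4; fi

    keybits=$(ehd_keybits "$cipher" "$aes_bits") || return 5

    # -x is never passed, so the container is filled with random bytes first.
    set -- -f "$path" -s "$size" -c "$cipher" -k "$keybits" -h sha512
    [ -z "$owner" ] || set -- "$@" -u "$owner"
    "$PMT_EHD" "$@"
}
```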
pam_mount 2011-Aug-05 pmt-ehd(8)