1CRYPTSETUP-TCRYPTDUMP(8)     Maintenance Commands     CRYPTSETUP-TCRYPTDUMP(8)
2
3
4

NAME

6       cryptsetup-tcryptDump - dump the header information of a TCRYPT
7       (TrueCrypt or VeraCrypt compatible) device
8

SYNOPSIS

10       cryptsetup tcryptDump [<options>] <device>
11

DESCRIPTION

13       Dump the header information of a TCRYPT (TrueCrypt or VeraCrypt
14       compatible) device.
15
16       If the --dump-volume-key option is used, the TCRYPT device volume key
17       is dumped instead of TCRYPT header info. Beware that the volume key (or
18       concatenated volume keys if cipher chain is used) can be used to
19       decrypt the data stored in the TCRYPT container without a passphrase.
20       This means that if the volume key is compromised, the whole device has
21       to be erased to prevent further access. Use this option carefully.
22
23       <options> can be [--dump-volume-key, --key-file, --tcrypt-hidden,
24       --tcrypt-system, --tcrypt-backup, --veracrypt (ignored),
25       --disable-veracrypt, --veracrypt-pim, --veracrypt-query-pim, --cipher,
26       --hash, --header, --verify-passphrase, --timeout].
27
28       The keyfile parameter allows a combination of file content with the
29       passphrase and can be repeated.
30

OPTIONS

32       --hash, -h <hash-spec>
33           Specifies the passphrase hash. Applies to plain and loopaes device
34           types only.
35
36           For tcrypt device type, it restricts checked PBKDF2 variants when
37           looking for header.
38
39       --cipher, -c <cipher-spec>
40           Set the cipher specification string for plain device type.
41
42           For tcrypt device type it restricts checked cipher chains when
43           looking for header.
44
45       --verify-passphrase, -y
46           When interactively asking for a passphrase, ask for it twice and
47           complain if both inputs do not match. Ignored on input from file or
48           stdin.
49
50       --key-file, -d name
51           Read the passphrase from file.
52
53           If the name given is "-", then the passphrase will be read from
54           stdin. In this case, reading will not stop at newline characters.
55
56           With LUKS, the passphrase supplied via --key-file is always the
57           existing passphrase requested by a command, except in the case of
58           luksFormat where --key-file is equivalent to the positional key
59           file argument.
60
61           If you want to set a new passphrase via key file, you have to use a
62           positional argument to luksAddKey.
63
64           See section NOTES ON PASSPHRASE PROCESSING in cryptsetup(8) for
65           more information.
66
67       --dump-volume-key, --dump-master-key (OBSOLETE alias)
68           Print the volume key in the displayed information. Use with care,
69           as the volume key can be used to bypass the passphrases, see also
70           option --volume-key-file.
71
72       --timeout, -t <number of seconds>
73           The number of seconds to wait before timeout on passphrase input
74           via terminal. It is relevant every time a passphrase is asked. It
75           has no effect if used in conjunction with --key-file.
76
77           This option is useful when the system should not stall if the user
78           does not input a passphrase, e.g. during boot. The default is a
79           value of 0 seconds, which means to wait forever.
80
81       --header <device or file storing the LUKS header>
82           Use a detached (separated) metadata device or file where the LUKS
83           header is stored. This option allows one to store ciphertext and
84           LUKS header on different devices.
85
86           For commands that change the LUKS header (e.g. luksAddKey), specify
87           the device or file with the LUKS header directly as the LUKS
88           device.
89
90       --tcrypt-hidden, --tcrypt-system, --tcrypt-backup
91           Specify which TrueCrypt on-disk header will be used to open the
92           device. See TCRYPT section in cryptsetup(8) for more info.
93
94       --veracrypt
95           This option is ignored as VeraCrypt compatible mode is supported by
96           default.
97
98       --disable-veracrypt
99           This option can be used to disable VeraCrypt compatible mode (only
100           TrueCrypt devices are recognized). Only for TCRYPT extension. See
101           TCRYPT section in cryptsetup(8) for more info.
102
103       --veracrypt-pim, --veracrypt-query-pim
104           Use a custom Personal Iteration Multiplier (PIM) for VeraCrypt
105           device. See TCRYPT section in cryptsetup(8) for more info.
106
107       --batch-mode, -q
108           Suppresses all confirmation questions. Use with care!
109
110           If the --verify-passphrase option is not specified, this option
111           also switches off the passphrase verification.
112
113       --debug or --debug-json
114           Run in debug mode with full diagnostic logs. Debug output lines are
115           always prefixed by #.
116
117           If --debug-json is used, additional LUKS2 JSON data structures are
118           printed.
119
120       --version, -V
121           Show the program version.
122
123       --usage
124           Show short option help.
125
126       --help, -?
127           Show help text and default parameters.
128

REPORTING BUGS

130       Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or
131       in Issues project section
132       <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.
133
134       Please attach output of the failed command with --debug option added.
135

SEE ALSO

137       Cryptsetup FAQ
138       <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
139
140       cryptsetup(8), integritysetup(8) and veritysetup(8)
141

CRYPTSETUP

143       Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.
144
145
146
147cryptsetup 2.5.0                  2022-07-28          CRYPTSETUP-TCRYPTDUMP(8)
Impressum