1CRYPTSETUP-LUKSRESUME(8) Maintenance Commands CRYPTSETUP-LUKSRESUME(8)
2
6 cryptsetup-luksResume - resume a suspended device and reinstate the key
7
9 cryptsetup luksResume [<options>] <name>
10
12 Resumes a suspended device and reinstates the encryption key. Prompts
13 interactively for a passphrase if no token is usable (LUKS2 only) or
14 --key-file is not given.
15 <options> can be [--key-file, --keyfile-size, --keyfile-offset,
17 --key-slot, --header, --disable-keyring, --disable-locks, --token-id,
18 --token-only, --token-type, --disable-external-tokens, --type, --tries,
19 --timeout, --verify-passphrase].
20
22 --type <device-type>
23 Specifies required device type, for more info read BASIC ACTIONS
24 section in cryptsetup(8).
25 --verify-passphrase, -y
27 When interactively asking for a passphrase, ask for it twice and
28 complain if both inputs do not match. Ignored on input from file or
29 stdin.
30 --key-file, -d name
32 Read the passphrase from file.
33 If the name given is "-", then the passphrase will be read from
35 stdin. In this case, reading will not stop at newline characters.
36 With LUKS, the passphrase supplied via --key-file is always the
38 existing passphrase requested by a command, except in the case of
39 luksFormat where --key-file is equivalent to the positional key
40 file argument.
41 If you want to set a new passphrase via key file, you have to use a
43 positional argument to luksAddKey.
44 See section NOTES ON PASSPHRASE PROCESSING in cryptsetup(8) for
46 more information.
47 --keyfile-offset value
49 Skip value bytes at the beginning of the key file.
50 --keyfile-size, -l value
52 Read a maximum of value bytes from the key file. The default is to
53 read the whole file up to the compiled-in maximum that can be
54 queried with --help. Supplying more data than the compiled-in
55 maximum aborts the operation.
56 This option is useful to cut trailing newlines, for example. If
58 --keyfile-offset is also given, the size count starts after the
59 offset.
60 --key-slot, -S <0-N>
62 For LUKS operations that add key material, this option allows you
63 to specify which key slot is selected for the new key.
64 The maximum number of key slots depends on the LUKS version. LUKS1
66 can have up to 8 key slots. LUKS2 can have up to 32 key slots based
67 on key slot area size and key size, but a valid key slot ID can
68 always be between 0 and 31 for LUKS2.
69 --timeout, -t <number of seconds>
71 The number of seconds to wait before timeout on passphrase input
72 via terminal. It is relevant every time a passphrase is asked. It
73 has no effect if used in conjunction with --key-file.
74 This option is useful when the system should not stall if the user
76 does not input a passphrase, e.g. during boot. The default is a
77 value of 0 seconds, which means to wait forever.
78 --tries, -T
80 How often the input of the passphrase shall be retried. The default
81 is 3 tries.
82 --header <device or file storing the LUKS header>
84 Use a detached (separated) metadata device or file where the LUKS
85 header is stored. This option allows one to store ciphertext and
86 LUKS header on different devices.
87 For commands that change the LUKS header (e.g. luksAddKey), specify
89 the device or file with the LUKS header directly as the LUKS
90 device.
91 --disable-external-tokens
93 Disable loading of plugins for external LUKS2 tokens.
94 --disable-locks
96 Disable lock protection for metadata on disk. This option is valid
97 only for LUKS2 and ignored for other formats.
98 WARNING: Do not use this option unless you run cryptsetup in a
100 restricted environment where locking is impossible to perform
101 (where /run directory cannot be used).
102 --disable-keyring
104 Do not load volume key in kernel keyring and store it directly in
105 the dm-crypt target instead. This option is supported only for the
106 LUKS2 type.
107 --token-id
109 Specify what token to use. If omitted, all available tokens will be
110 checked before proceeding further with passphrase prompt.
111 --token-only
113 Do not proceed further with action if token based keyslot unlock
114 failed. Without the option, action asks for passphrase to proceed
115 further.
116 --token-type
118 Restrict tokens eligible for operation to specific token type
119 (name). Mostly useful when no --token-id is specified.
120 --batch-mode, -q
122 Suppresses all confirmation questions. Use with care!
123 If the --verify-passphrase option is not specified, this option
125 also switches off the passphrase verification.
126 --debug or --debug-json
128 Run in debug mode with full diagnostic logs. Debug output lines are
129 always prefixed by #.
130 If --debug-json is used, additional LUKS2 JSON data structures are
132 printed.
133 --version, -V
135 Show the program version.
136 --usage
138 Show short option help.
139 --help, -?
141 Show help text and default parameters.
142
144 Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or
145 in Issues project section
146 <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.
147 Please attach output of the failed command with --debug option added.
149
151 Cryptsetup FAQ
152 <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
153 cryptsetup(8), integritysetup(8) and veritysetup(8)
155
157 Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.
158cryptsetup 2.5.0 2022-07-28 CRYPTSETUP-LUKSRESUME(8)