1CRYPTSETUP-LUKSRESUME(8) Maintenance Commands CRYPTSETUP-LUKSRESUME(8)
2
6 cryptsetup-luksResume - resume a suspended device and reinstate the key
7
9 cryptsetup luksResume [<options>] <name>
10
12 Resumes a suspended device and reinstates the encryption key. Prompts
13 interactively for a passphrase if no token is usable (LUKS2 only) or
14 --key-file is not given.
15 <options> can be [--key-file, --keyfile-size, --keyfile-offset,
17 --key-slot, --header, --disable-keyring, --disable-locks, --token-id,
18 --token-only, --token-type, --disable-external-tokens, --type, --tries,
19 --timeout, --verify-passphrase].
20
22 --type <device-type>
23 Specifies required device type, for more info read BASIC ACTIONS
24 section in cryptsetup(8).
25 --verify-passphrase, -y
27 When interactively asking for a passphrase, ask for it twice and
28 complain if both inputs do not match. Ignored on input from file or
29 stdin.
30 --key-file, -d name
32 Read the passphrase from file.
33 If the name given is "-", then the passphrase will be read from
35 stdin. In this case, reading will not stop at newline characters.
36 See section NOTES ON PASSPHRASE PROCESSING in cryptsetup(8) for
38 more information.
39 --keyfile-offset value
41 Skip value bytes at the beginning of the key file.
42 --keyfile-size, -l value
44 Read a maximum of value bytes from the key file. The default is to
45 read the whole file up to the compiled-in maximum that can be
46 queried with --help. Supplying more data than the compiled-in
47 maximum aborts the operation.
48 This option is useful to cut trailing newlines, for example. If
50 --keyfile-offset is also given, the size count starts after the
51 offset.
52 --key-slot, -S <0-N>
54 For LUKS operations that add key material, this option allows you
55 to specify which key slot is selected for the new key.
56 The maximum number of key slots depends on the LUKS version. LUKS1
58 can have up to 8 key slots. LUKS2 can have up to 32 key slots based
59 on key slot area size and key size, but a valid key slot ID can
60 always be between 0 and 31 for LUKS2.
61 --timeout, -t <number of seconds>
63 The number of seconds to wait before timeout on passphrase input
64 via terminal. It is relevant every time a passphrase is asked. It
65 has no effect if used in conjunction with --key-file.
66 This option is useful when the system should not stall if the user
68 does not input a passphrase, e.g. during boot. The default is a
69 value of 0 seconds, which means to wait forever.
70 --tries, -T
72 How often the input of the passphrase shall be retried. The default
73 is 3 tries.
74 --header <device or file storing the LUKS header>
76 Use a detached (separated) metadata device or file where the LUKS
77 header is stored. This option allows one to store ciphertext and
78 LUKS header on different devices.
79 For commands that change the LUKS header (e.g. luksAddKey), specify
81 the device or file with the LUKS header directly as the LUKS
82 device.
83 --disable-external-tokens
85 Disable loading of plugins for external LUKS2 tokens.
86 --disable-locks
88 Disable lock protection for metadata on disk. This option is valid
89 only for LUKS2 and ignored for other formats.
90 WARNING: Do not use this option unless you run cryptsetup in a
92 restricted environment where locking is impossible to perform
93 (where /run directory cannot be used).
94 --disable-keyring
96 Do not load volume key in kernel keyring and store it directly in
97 the dm-crypt target instead. This option is supported only for the
98 LUKS2 type.
99 --token-id
101 Specify what token to use and allow token PIN prompt to take
102 precedence over interative keyslot passphrase prompt. If omitted,
103 all available tokens (not protected by PIN) will be checked before
104 proceeding further with passphrase prompt.
105 --token-only
107 Do not proceed further with action if token based keyslot unlock
108 failed. Without the option, action asks for passphrase to proceed
109 further.
110 It allows LUKS2 tokens protected by PIN to take precedence over
112 interactive keyslot passphrase prompt.
113 --token-type type
115 Restrict tokens eligible for operation to specific token type.
116 Mostly useful when no --token-id is specified.
117 It allows LUKS2 type tokens protected by PIN to take precedence
119 over interactive keyslot passphrase prompt.
120 --batch-mode, -q
122 Suppresses all confirmation questions. Use with care!
123 If the --verify-passphrase option is not specified, this option
125 also switches off the passphrase verification.
126 --debug or --debug-json
128 Run in debug mode with full diagnostic logs. Debug output lines are
129 always prefixed by #.
130 If --debug-json is used, additional LUKS2 JSON data structures are
132 printed.
133 --version, -V
135 Show the program version.
136 --usage
138 Show short option help.
139 --help, -?
141 Show help text and default parameters.
142
144 Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or
145 in Issues project section
146 <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.
147 Please attach output of the failed command with --debug option added.
149
151 Cryptsetup FAQ
152 <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
153 cryptsetup(8), integritysetup(8) and veritysetup(8)
155
157 Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.
158cryptsetup 2.6.1 2023-07-19 CRYPTSETUP-LUKSRESUME(8)