1CRYPTSETUP-LUKSRESUME(8)     Maintenance Commands     CRYPTSETUP-LUKSRESUME(8)
2
3
4

NAME

6       cryptsetup-luksResume - resume a suspended device and reinstate the key
7

SYNOPSIS

9       cryptsetup luksResume [<options>] <name>
10

DESCRIPTION

12       Resumes a suspended device and reinstates the encryption key. Prompts
13       interactively for a passphrase if no token is usable (LUKS2 only) or
14       --key-file is not given.
15
16       <options> can be [--key-file, --keyfile-size, --keyfile-offset,
17       --key-slot, --header, --disable-keyring, --disable-locks, --token-id,
18       --token-only, --token-type, --disable-external-tokens, --type, --tries,
19       --timeout, --verify-passphrase].
20

OPTIONS

22       --type <device-type>
23           Specifies required device type, for more info read BASIC ACTIONS
24           section in cryptsetup(8).
25
26       --verify-passphrase, -y
27           When interactively asking for a passphrase, ask for it twice and
28           complain if both inputs do not match. Ignored on input from file or
29           stdin.
30
31       --key-file, -d name
32           Read the passphrase from file.
33
34           If the name given is "-", then the passphrase will be read from
35           stdin. In this case, reading will not stop at newline characters.
36
37           See section NOTES ON PASSPHRASE PROCESSING in cryptsetup(8) for
38           more information.
39
40       --keyfile-offset value
41           Skip value bytes at the beginning of the key file.
42
43       --keyfile-size, -l value
44           Read a maximum of value bytes from the key file. The default is to
45           read the whole file up to the compiled-in maximum that can be
46           queried with --help. Supplying more data than the compiled-in
47           maximum aborts the operation.
48
49           This option is useful to cut trailing newlines, for example. If
50           --keyfile-offset is also given, the size count starts after the
51           offset.
52
53       --key-slot, -S <0-N>
54           For LUKS operations that add key material, this option allows you
55           to specify which key slot is selected for the new key.
56
57           The maximum number of key slots depends on the LUKS version. LUKS1
58           can have up to 8 key slots. LUKS2 can have up to 32 key slots based
59           on key slot area size and key size, but a valid key slot ID can
60           always be between 0 and 31 for LUKS2.
61
62       --timeout, -t <number of seconds>
63           The number of seconds to wait before timeout on passphrase input
64           via terminal. It is relevant every time a passphrase is asked. It
65           has no effect if used in conjunction with --key-file.
66
67           This option is useful when the system should not stall if the user
68           does not input a passphrase, e.g. during boot. The default is a
69           value of 0 seconds, which means to wait forever.
70
71       --tries, -T
72           How often the input of the passphrase shall be retried. The default
73           is 3 tries.
74
75       --header <device or file storing the LUKS header>
76           Use a detached (separated) metadata device or file where the LUKS
77           header is stored. This option allows one to store ciphertext and
78           LUKS header on different devices.
79
80           For commands that change the LUKS header (e.g. luksAddKey), specify
81           the device or file with the LUKS header directly as the LUKS
82           device.
83
84       --disable-external-tokens
85           Disable loading of plugins for external LUKS2 tokens.
86
87       --disable-locks
88           Disable lock protection for metadata on disk. This option is valid
89           only for LUKS2 and ignored for other formats.
90
91           WARNING: Do not use this option unless you run cryptsetup in a
92           restricted environment where locking is impossible to perform
93           (where /run directory cannot be used).
94
95       --disable-keyring
96           Do not load volume key in kernel keyring and store it directly in
97           the dm-crypt target instead. This option is supported only for the
98           LUKS2 type.
99
100       --token-id
101           Specify what token to use and allow token PIN prompt to take
102           precedence over interative keyslot passphrase prompt. If omitted,
103           all available tokens (not protected by PIN) will be checked before
104           proceeding further with passphrase prompt.
105
106       --token-only
107           Do not proceed further with action if token based keyslot unlock
108           failed. Without the option, action asks for passphrase to proceed
109           further.
110
111           It allows LUKS2 tokens protected by PIN to take precedence over
112           interactive keyslot passphrase prompt.
113
114       --token-type type
115           Restrict tokens eligible for operation to specific token type.
116           Mostly useful when no --token-id is specified.
117
118           It allows LUKS2 type tokens protected by PIN to take precedence
119           over interactive keyslot passphrase prompt.
120
121       --batch-mode, -q
122           Suppresses all confirmation questions. Use with care!
123
124           If the --verify-passphrase option is not specified, this option
125           also switches off the passphrase verification.
126
127       --debug or --debug-json
128           Run in debug mode with full diagnostic logs. Debug output lines are
129           always prefixed by #.
130
131           If --debug-json is used, additional LUKS2 JSON data structures are
132           printed.
133
134       --version, -V
135           Show the program version.
136
137       --usage
138           Show short option help.
139
140       --help, -?
141           Show help text and default parameters.
142

REPORTING BUGS

144       Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or
145       in Issues project section
146       <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.
147
148       Please attach output of the failed command with --debug option added.
149

SEE ALSO

151       Cryptsetup FAQ
152       <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
153
154       cryptsetup(8), integritysetup(8) and veritysetup(8)
155

CRYPTSETUP

157       Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.
158
159
160
161cryptsetup 2.6.1                  2023-07-19          CRYPTSETUP-LUKSRESUME(8)
Impressum