1 .TH CRYPTSETUP "8" "" "cryptsetup" "Maintenance Commands"
3 cryptsetup - setup cryptographic volumes for dm-crypt (including LUKS extension)
5 .B cryptsetup <options> <action> <action args>
8 cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings.
9 For basic (plain) dm-crypt mappings, there are four operations.
11 These strings are valid for \fB<action>\fR, followed by their \fB<action args>\fR:
13 \fIcreate\fR <name> <device>
15 creates a mapping with <name> backed by device <device>.
17 \fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify-passphrase,
18 \-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly]
22 removes an existing mapping <name>.
26 reports the status for the mapping <name>.
30 resizes an active mapping <name>.
32 If \-\-size (in sectors) is not specified, the size of the underlying block device is used.
34 LUKS, Linux Unified Key Setup, is a standard for hard disk encryption.
35 It standardizes a partition header, as well as the format of the bulk data.
36 LUKS can manage multiple passwords, that can be revoked effectively
37 and that are protected against dictionary attacks with PBKDF2.
39 These are valid LUKS actions:
41 \fIluksFormat\fR <device> [<key file>]
43 initializes a LUKS partition and sets the initial key, either via prompting or via <key file>.
45 \fB<options>\fR can be [\-\-cipher, \-\-verify-passphrase, \-\-key-size,
46 \-\-key-slot, \-\-key-file (takes precedence over optional second argument),
47 \-\-keyfile-size, \-\-use-random | \-\-use-urandom, \-\-uuid].
49 \fIluksOpen\fR <device> <name>
51 opens the LUKS partition <device> and sets up a mapping <name> after
52 successful verification of the supplied key material
53 (either via key file by \-\-key-file, or via prompting).
55 \fB<options>\fR can be [\-\-key-file, \-\-keyfile-size, \-\-readonly].
57 \fIluksClose\fR <name>
59 identical to \fIremove\fR.
61 \fIluksSuspend\fR <name>
63 suspends active device (all IO operations are frozen) and wipes encryption
64 key from kernel. Kernel version 2.6.19 or later is required.
66 After that operation you have to use \fIluksResume\fR to reinstate
67 encryption key (and resume device) or \fIluksClose\fR to remove mapped device.
69 \fBWARNING:\fR never try to suspend device where is the cryptsetup binary itself.
71 \fIluksResume\fR <name>
73 Resumes suspended device and reinstates encryption key. You will need provide passphrase
74 identical to \fIluksOpen\fR command (using prompting or key file).
76 \fB<options>\fR can be [\-\-key-file, \-\-keyfile-size]
78 \fIluksAddKey\fR <device> [<new key file>]
80 add a new key file/passphrase. An existing passphrase or key file
81 (via \-\-key-file) must be supplied.
82 The key file with the new material is supplied as a positional argument.
84 \fB<options>\fR can be [\-\-key-file, \-\-keyfile-size, \-\-new-keyfile-size, \-\-key-slot].
86 \fIluksRemoveKey\fR <device> [<key file>]
88 remove supplied key or key file from LUKS device
90 \fIluksChangeKey\fR <device> [<new key file>]
92 change existing key file or passphrase. An existing passphrase
93 or key file (via \-\-key-file) must be supplied.
94 The key file with the new material is supplied as a positional argument.
96 If no key slot is specified (and there is still free key slot on device)
97 new slot is allocated before the old is purged.
99 If \fB\-\-key\-slot\fR option is specified (or there is no free slot)
100 command will overwrite existing slot.
102 \fBWARNING:\fR Be sure you have another slot active or header backup
103 when using explicit key slot (so you can unlock the device even after
104 possible media failure during slot swap).
106 \fB<options>\fR can be [\-\-key-file, \-\-keyfile-size,\-\-new-keyfile-size,
109 \fIluksKillSlot\fR <device> <key slot number>
111 wipe key with number <key slot> from LUKS device. A remaining passphrase or
112 key file (via \-\-key-file) must be supplied.
114 \fB<options>\fR can be [\-\-key-file, \-\-keyfile-size].
116 \fIluksUUID\fR <device>
118 print UUID, if <device> has a LUKS header.
120 set new UUID if \fI\-\-uuid\fR option is specified.
122 \fIisLuks\fR <device>
124 returns true, if <device> is a LUKS partition. Otherwise, false.
126 \fIluksDump\fR <device>
128 dumps the header information of a LUKS partition.
130 If \-\-dump-master-key option is used, the volume (master) key is dumped
131 instead of keyslot info.
133 Because this information can be used to access encrypted device without
134 passphrase knowledge (even without LUKS header) use this option
137 Dump with volume key (either printed or stored to file) should be always
138 stored encrypted and on safe place.
140 LUKS passphrase or key file is required for volume key dump.
142 \fB<options>\fR can be [\-\-dump-master-key, \-\-key-file, \-\-keyfile-size].
144 \fIluksHeaderBackup\fR <device> \-\-header-backup-file <file>
146 Stores binary backup of LUKS header and keyslot areas.
148 \fBWARNING:\fR Please note that with this backup file (and old passphrase
149 knowledge) you can decrypt data even if old passphrase was wiped from real device.
151 Also note that anti-forensic splitter is not used during manipulation with backup file.
153 \fIluksHeaderRestore\fR <device> \-\-header-backup-file <file>
155 Restores binary backup of LUKS header and keyslot areas from specified file.
157 \fBWARNING:\fR All the keyslot areas are overwritten, only active keyslots
158 form backup file are available after issuing this command.
160 This command allows restoring header if device do not contain LUKS header
161 or if the master key size and data offset in LUKS header on device match the backup file.
163 For more information about LUKS, see
164 \fBhttp://code.google.com/p/cryptsetup/wiki/Specification\fR
165 .SH loop-AES EXTENSION
166 cryptsetup supports mapping of loop-AES encrypted partition using
167 compatible dm-crypt mode.
169 \fIloopaesOpen\fR <device> <name> \-\-key-file <keyfile>
171 opens the loop-AES <device> and sets up a mapping <name>.
173 N.B. If keyfile is in GPG encrypted format, you have to use
174 \-\-key-file=- and decrypt it before use.
175 gpg --decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name>
177 Use \-\-key-file to specify proper key length, default compiled-in
178 parameters are visible in \-\-help output.
180 \fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-readonly].
182 \fIloopaesClose\fR <name>
184 identical to \fIremove\fR.
186 For more information about loop-AES, see \fBhttp://loop-aes.sourceforge.net\fR
189 .B "\-\-verbose, \-v"
190 Print more verbose messages.
193 Run in debug mode with full diagnostic logs.
196 For \fIcreate\fR action specifies hash to use for password hashing.
198 For \fIluksFormat\fR action specifies hash used in LUKS key setup scheme
199 and volume key digest.
201 \fBWARNING:\fR setting hash other than \fBsha1\fR causes LUKS device
202 incompatible with older version of cryptsetup.
204 The hash string is passed to libgcrypt, so all hash algorithms are supported
205 (for \fIluksFormat\fR algorithm must provide at least 20 byte long hash).
206 Default is set during compilation, compatible values with old version of cryptsetup are
207 \fB"ripemd160"\fR for \fIcreate\fR action and \fB"sha1"\fR for \fIluksFormat\fR.
209 Use \fIcryptsetup \-\-help\fR to show defaults.
212 set cipher specification string.
214 Default mode is configurable during compilation,
215 you can see compiled-in default using \fIcryptsetup \-\-help\fR.
216 If not changed, the default is for plain dm-crypt and LUKS mappings
217 "aes-cbc-essiv:sha256".
219 For pre-2.6.10 kernels, use "aes-plain" as they don't understand
220 the new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
222 For XTS mode, kernel version 2.6.24 or more recent is required.
223 Use "aes-xts-plain" cipher specification and set key size to 256
224 (or 512) bits (see \-s option).
226 .B "\-\-verify-passphrase, \-y"
227 query for passwords twice. Useful when creating a (regular) mapping
228 for the first time, or when running \fIluksFormat\fR.
230 .B "\-\-key-file, \-d"
231 use file as key material.
233 With LUKS, key material supplied in key files via \-d are always used
234 for existing passphrases, except in \fIluksFormat\fR action where
235 \-d is equivalent to positional key file argument.
237 If you want to set a new key via a key file, you have to use
238 a positional arg to \fIluksAddKey\fR.
240 If the key file is "-", stdin will be used. With the "-" key file
241 reading will not stop when new line character is detected.
243 See section \fBNOTES ON PASSWORD PROCESSING\fR for more information.
245 .B "\-\-keyfile-size, \-l \fIvalue\fR"
246 Limits read from keyfile to \fIvalue\fR bytes.
247 Usable together with all comands using key file.
249 .B "\-\-new-keyfile-size \fIvalue\fR"
250 Limits read from new keyfile to \fIvalue\fR bytes in \fIluksAddKey\fR when
251 adding new key file. Default is exhaustive read from key file.
253 .B "\-\-master-key-file"
254 Use pre-generated master key stored in file. For \fIluksFormat\fR it allows
255 LUKS header reformatting with the same master key (if all other parameters
256 are the same existing encrypted data remains intact).
258 For \fIluksAddKey\fR it allows adding new passphrase with only master key knowledge.
260 .B "\-\-dump-master-key"
261 For \fIluksDump\fR it allows LUKS header dump including volume (master) key.
262 Use with care (this information allows access to device without passphrase knowledge).
264 See \fIluksDump\fR for more info.
269 For \fIluksFormat\fR it defines which kernel random number generator will
270 be used for long-term key (volume key).
272 See \fBNOTES ON RNG\fR for more information. Use \fIcryptsetup \-\-help\fR
275 .B "\-\-key-slot, \-S"
276 For LUKS operations that add key material, this options allows you
277 to specify which key slot is selected for the new key.
278 This option can be used for \fIluksFormat\fR and \fIluksAddKey\fR.
280 .B "\-\-key-size, \-s"
281 set key size in bits.
283 Has to be a multiple of 8 bits. The key size is limited by the used cipher.
285 See output of /proc/crypto for more information.
287 Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions
288 will use key-size specified by the LUKS header.
289 Default is set during compilation, if not changed it is 256 bits.
291 Use \fIcryptsetup \-\-help\fR to show defaults.
294 force the size of the underlying device in sectors.
295 This option is only relevant for \fIcreate\fR and \fIresize\fR action.
298 start offset in the backend device (in 512-byte sectors).
299 This option is only relevant for \fIcreate\fR action.
302 how many sectors of the encrypted data to skip at the beginning.
303 This is different from the \-\-offset options with respect to IV calculations.
304 Using \-\-offset will shift the IV calculation by the same negative amount.
305 Hence, if \-\-offset \fIn\fR, sector \fIn\fR will be the first sector
306 on the mapping with IV \fI0\fR. Using \-\-skip would have resulted in sector
307 \fIn\fR being the first sector also, but with IV \fIn\fR.
308 This option is only relevant for \fIcreate\fR action.
311 set up a read-only mapping.
313 .B "\-\-iter-time, \-i"
314 The number of milliseconds to spend with PBKDF2 password processing.
315 This option is only relevant to the LUKS operations as
316 \fIluksFormat\fR or \fIluksAddKey\fR.
317 Note that 0 means default.
319 .B "\-\-batch-mode, \-q"
320 Do not ask for confirmation. Use with care! This option is only relevant
321 for \fIluksFormat\fR, \fIluksAddKey\fR, \fIluksRemoveKey\fR or \fIluksKillSlot\fR.
323 .B "\-\-timeout, \-t"
324 The number of seconds to wait before timeout. This option is relevant every
325 time a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR
326 or \fIluksAddKey\fR. It has no effect if used in conjunction with \-\-key-file.
329 How often the input of the passphrase shall be retried. This option is relevant
330 every time a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR
331 or \fIluksAddKey\fR. The default is 3 tries.
333 .B "\-\-align-payload=\fIvalue\fR"
334 Align payload at a boundary of \fIvalue\fR 512-byte sectors.
335 This option is relevant for \fIluksFormat\fR.
337 If not specified, cryptsetup tries to use topology info provided by kernel
338 for underlying device to get optimal alignment.
339 If not available (or calculated value is multiple of default) data is by
340 default aligned to 1 MiB boundary (2048 512-byte sectors).
342 .B "\-\-uuid=\fIUUID\fR"
343 Use provided \fIUUID\fR in \fIluksFormat\fR command instead of generating
344 new one or change existing UUID in \fIluksUUID\fR command.
346 The UUID must be provided in standard UUID format
347 (e.g. 12345678-1234-1234-1234-123456789abc).
351 .SH NOTES ON PASSWORD PROCESSING
352 \fBFrom a terminal\fR: Password processing is new-line sensitive,
353 meaning the reading will stop after encountering \\n.
354 It will process the read material (without newline) with the default
355 hash or the hash given by \-\-hash.
356 After hashing, it will be cropped to the key size given by \-s.
358 \fBFrom stdin\fR: Reading will continue until EOF (so using
359 e.g. /dev/random as stdin will not work), with the trailing
361 After that the read data will be hashed with the default hash or
362 the hash given by \-\-hash and the result will be cropped to
363 the keysize given by \-s.
365 If "plain" is used as an argument to the hash option, the input
366 data will not be hashed.
367 Instead, it will be zero padded (if shorter than the keysize) or
368 truncated (if longer than the keysize) and used directly as the key.
369 No warning will be given if the amount of data read from stdin is
370 less than the keysize.
372 \fBFrom a key file\fR: It will be cropped to the size given by \-s.
373 If there is insufficient key material in the key file, cryptsetup
374 will quit with an error.
376 If \-\-key-file=- is used for reading the key from stdin, no
377 trailing newline is stripped from the input. Without that option,
378 cryptsetup strips trailing newlines from stdin input.
379 .SH NOTES ON PASSWORD PROCESSING FOR LUKS
380 LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898).
382 LUKS will always do an exhaustive password reading.
383 Hence, password can not be read from /dev/random, /dev/zero or any
384 other stream that does not terminate.
386 For any password creation action (luksAddKey, or luksFormat),
387 the user may specify how much the time the password processing
388 should consume. Increasing the time will lead to a more secure
389 password, but also will take luksOpen longer to complete.
390 The default setting of one second is sufficient for good security.
391 .SH INCOHERENT BEHAVIOUR FOR INVALID PASSWORDS/KEYS
392 LUKS checks for a valid password or key when an encrypted partition
393 is unlocked. Thus the luksOpen action fails with invalid password
394 or key, contrary to the plain dm-crypt create action.
396 Please also be sure that you are using the same keyboard and
397 language setting as during device format.
398 .SH NOTES ON SUPPORTED CIPHERS, MODES, HASHES AND KEY SIZES
399 The available combinations of ciphers, modes, hashes and key sizes
400 depend on kernel support. See /proc/crypto for a list of available
401 options. You might need to load additional kernel crypto modules
402 in order to get more options.
404 For \-\-hash option all algorithms supported by gcrypt library are available.
405 .SH NOTES ON PASSWORDS
406 Mathematics can't be bribed. Make sure you keep your passwords safe.
407 There are a few nice tricks for constructing a fallback, when suddenly
408 out of (or after being) blue, your brain refuses to cooperate.
409 These fallbacks are possible with LUKS, as it's only possible with LUKS
410 to have multiple passwords.
412 Random Number Generator (RNG) used in cryptsetup always uses kernel RNG without
413 any modifications or additions to data stream procudes by kernel (like internal
414 random pool operations or mixing with the other random sources).
416 There are two types of randomness cryptsetup/LUKS needs. One type (which always
417 uses /dev/urandom) is used for salt, AF splitter and for wiping removed
420 Second type is used for volume (master) key. You can switch between
421 using /dev/random and /dev/urandom here, see \fP--use-random\fR and \fP--use-urandom\fR
422 options. Using /dev/random on system without enough entropy sources
423 can cause \fPluksFormat\fR to block until the requested amount of random data is gathered.
424 See \fPurandom(4)\fR for more information.
425 .SH NOTES ON LOOPBACK DEVICE USE
426 Cryptsetup is usually used directly over block device (like disk partition or LVM volume).
427 However if the device argument is file, cryptsetup tries to allocate loopback device
428 and map it into this file. This mode requires Linux kernel 2.6.25 or more recent which
429 supports loop autoclear flag (loop device is cleared on last close automatically).
431 When device mapping is active, you can see loop backing file in status command output.
434 cryptsetup is written by Christophe Saout <christophe@saout.de>
436 LUKS extensions, and man page by Clemens Fruhwirth <clemens@endorphin.org>
437 .SH DEPRECATED ACTIONS
439 The \fIreload\fR action is no longer supported.
440 Please use \fIdmsetup(8)\fR if you need to
441 directly manipulate with the device mapping table.
443 The \fIluksDelKey\fR was replaced with \fIluksKillSlot\fR.
446 Report bugs to <dm-crypt@saout.de> or Issues section on LUKS website.
447 Please attach output of failed command with added \-\-debug option.
449 Copyright \(co 2004 Christophe Saout
451 Copyright \(co 2004-2006 Clemens Fruhwirth
453 Copyright \(co 2009-2011 Red Hat, Inc.
455 This is free software; see the source for copying conditions. There is NO
456 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
458 LUKS website, \fBhttp://code.google.com/p/cryptsetup/\fR