1 .TH CRYPTSETUP "8" "" "cryptsetup" "Maintenance Commands"
3 cryptsetup - setup cryptographic volumes for dm-crypt (including LUKS extension)
6 .B cryptsetup <options> <action> <action args>
9 cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings.
10 For basic (plain) dm-crypt mappings, there are four operations.
12 These strings are valid for \fB<action>\fR, followed by their \fB<action args>\fR:
14 \fIcreate\fR <name> <device>
16 creates a mapping with <name> backed by device <device>.
18 \fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify-passphrase, \-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly]
22 removes an existing mapping <name>.
26 reports the status for the mapping <name>.
30 resizes an active mapping <name>.
32 If \-\-size (in sectors) is not specified, the size of the underlying block device is used.
37 LUKS, Linux Unified Key Setup, is a standard for hard disk encryption. It standardizes a partition header, as well as the format of the bulk data. LUKS can manage multiple passwords, that can be revoked effectively and that are protected against dictionary attacks with PBKDF2.
39 These are valid LUKS actions:
41 \fIluksFormat\fR <device> [<key file>]
43 initializes a LUKS partition and sets the initial key, either via prompting or via <key file>.
45 \fB<options>\fR can be [\-\-cipher, \-\-verify-passphrase, \-\-key-size, \-\-key-slot,
46 \-\-key-file (takes precedence over optional second argument), \-\-use-random | \-\-use-urandom].
49 \fIluksOpen\fR <device> <name>
51 opens the LUKS partition <device> and sets up a mapping <name> after successful verification of the supplied key material (either via key file by \-\-key-file, or via prompting).
53 \fB<options>\fR can be [\-\-key-file, \-\-readonly].
55 \fIluksClose\fR <name>
57 identical to \fIremove\fR.
59 \fIluksSuspend\fR <name>
61 suspends active device (all IO operations are frozen) and wipes encryption key from kernel. Kernel version 2.6.19 or later is required.
63 After that operation you have to use \fIluksResume\fR to reinstate encryption key (and resume device) or \fIluksClose\fR to remove mapped device.
65 \fBWARNING:\fR never try to suspend device where is the cryptsetup binary itself.
67 \fIluksResume\fR <name>
69 Resumes suspended device and reinstates encryption key. You will need provide passphrase
70 identical to \fIluksOpen\fR command (using prompting or key file).
72 \fB<options>\fR can be [\-\-key-file]
74 \fIluksAddKey\fR <device> [<new key file>]
76 add a new key file/passphrase. An existing passphrase or key file (via \-\-key-file) must be supplied.
77 The key file with the new material is supplied as a positional argument.
79 \fB<options>\fR can be [\-\-key-file, \-\-key-slot].
81 \fIluksRemoveKey\fR <device> [<key file>]
83 remove supplied key or key file from LUKS device
85 \fIluksKillSlot\fR <device> <key slot number>
87 wipe key with number <key slot> from LUKS device. A remaining passphrase or
88 key file (via \-\-key-file) must be supplied.
90 \fB<options>\fR can be [\-\-key-file].
92 \fIluksDelKey\fR <device> <key slot number>
94 identical to luksKillSlot, but deprecated action name.
96 \fIluksUUID\fR <device>
98 print UUID, if <device> has a LUKS header.
100 \fIisLuks\fR <device>
102 returns true, if <device> is a LUKS partition. Otherwise, false.
104 \fIluksDump\fR <device>
106 dumps the header information of a LUKS partition.
108 \fIluksHeaderBackup\fR <device> \-\-header-backup-file <file>
110 Stores binary backup of LUKS header and keyslot areas.
112 \fBWARNING:\fR Please note that with this backup file (and old passphrase knowledge) you can decrypt data even if old passphrase was wiped from real device.
114 Also note that anti-forensic splitter is not used during manipulation with backup file.
116 \fIluksHeaderRestore\fR <device> \-\-header-backup-file <file>
119 Restores binary backup of LUKS header and keyslot areas from specified file.
121 \fBWARNING:\fR All the keyslot areas are overwritten, only active keyslots form backup file are available after issuing this command.
123 This command allows restoring header if device do not contain LUKS header or if the master key size and data offset in LUKS header on device match the backup file.
126 For more information about LUKS, see \fBhttp://code.google.com/p/cryptsetup/wiki/Specification\fR
130 .B "\-\-verbose, \-v"
131 Print more verbose messages.
134 Run in debug mode with full diagnostic logs.
137 For \fIcreate\fR action specifies hash to use for password hashing.
139 For \fIluksFormat\fR action specifies hash used in LUKS key setup scheme and volume key digest.
141 \fBWARNING:\fR setting hash other than \fBsha1\fR causes LUKS device incompatible with older version of cryptsetup.
143 The hash string is passed to libgcrypt, so all hash algorithms are supported
144 (for \fIluksFormat\fR algorithm must provide at least 20 byte long hash).
145 Default is set during compilation, compatible values with old version of cryptsetup are
146 \fB"ripemd160"\fR for \fIcreate\fR action and \fB"sha1"\fR for \fIluksFormat\fR.
148 Use \fIcryptsetup \-\-help\fR to show defaults.
151 set cipher specification string.
153 Default mode is configurable during compilation,
154 you can see compiled-in default using \fIcryptsetup \-\-help\fR.
155 If not changed, the default is for plain dm-crypt and LUKS mappings
156 "aes-cbc-essiv:sha256".
158 For pre-2.6.10 kernels, use "aes-plain" as they don't understand
159 the new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
161 For XTS mode, kernel version 2.6.24 or more recent is required.
162 Use "aes-xts-plain" cipher specification and set key size to 256 (or 512) bits (see \-s option).
164 .B "\-\-verify-passphrase, \-y"
165 query for passwords twice. Useful when creating a (regular) mapping for the first time, or when running \fIluksFormat\fR.
167 .B "\-\-key-file, \-d"
168 use file as key material.
170 With LUKS, key material supplied in key files via \-d are always used for existing passphrases,
171 except in \fIluksFormat\fR action where \-d is equivalent to positional key file argument.
172 If you want to set a new key via a key file, you have to use a positional arg to \fIluksAddKey\fR.
174 If the key file is "-", stdin will be used. With the "-" key file reading will
175 not stop when new line character is detected. See section \fBNOTES ON PASSWORD PROCESSING\fR for more information.
177 .B "\-\-master-key-file"
178 Use pre-generated master key stored in file. For \fIluksFormat\fR it allows LUKS header reformatting with the same master key (if all other parameters are the same existing encrypted data remains intact).
180 For \fIluksAddKey\fR it allows adding new passphrase with only master key knowledge.
185 For \fIluksFormat\fR it defines which kernel random number generator will be used for long-term key (volume key).
187 See \fBNOTES ON RNG\fR for more information. Use \fIcryptsetup \-\-help\fR to show default RNG.
189 .B "\-\-key-slot, \-S"
190 For LUKS operations that add key material, this options allows to you specify which key slot is selected for the new key. This option can be used for \fIluksFormat\fR and \fIluksAddKey\fR.
192 .B "\-\-key-size, \-s"
193 set key size in bits.
195 Has to be a multiple of 8 bits. The key size is limited by the used cipher. See output of /proc/crypto for more information.
196 Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will use key-size specified by the LUKS header.
197 Default is set during compilation, if not changed it is 256 bits.
199 Use \fIcryptsetup \-\-help\fR to show defaults.
201 For \fIluksOpen\fR this option specifies number of bits read from the key-file (default is exhaustive read from key-file).
204 force the size of the underlying device in sectors.
205 This option is only relevant for \fIcreate\fR and \fIresize\fR action.
208 start offset in the backend device (in 512-byte sectors).
209 This option is only relevant for \fIcreate\fR action.
212 how many sectors of the encrypted data to skip at the beginning. This is different from the \-\-offset options with respect to IV calculations. Using \-\-offset will shift the IV calculation by the same negative amount. Hence, if \-\-offset \fIn\fR, sector \fIn\fR will be the first sector on the mapping with IV \fI0\fR. Using \-\-skip would have resulted in sector \fIn\fR being the first sector also, but with IV \fIn\fR.
213 This option is only relevant for \fIcreate\fR action.
216 set up a read-only mapping.
218 .B "\-\-iter-time, \-i"
219 The number of milliseconds to spend with PBKDF2 password processing. This option is only relevant to the LUKS operations as \fIluksFormat\fR or \fIluksAddKey\fR.
221 .B "\-\-batch-mode, \-q"
222 Do not ask for confirmation. Use with care! This option is only relevant for \fIluksFormat\fR, \fIluksAddKey\fR, \fIluksRemoveKey\fR or \fIluksKillSlot\fR.
224 .B "\-\-timeout, \-t"
225 The number of seconds to wait before timeout. This option is relevant every time a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. It has no effect if used in conjunction with \-\-key-file.
228 How often the input of the passphrase shall be retried. This option is relevant every time a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. The default is 3 tries.
230 .B "\-\-align-payload=\fIvalue\fR"
231 Align payload at a boundary of \fIvalue\fR 512-byte sectors. This option is relevant for \fIluksFormat\fR.
232 If not specified, cryptsetup tries to use topology info provided by kernel for underlying device to get optimal alignment.
233 If not available (or calculated value is multiple of default) data is by default aligned to 1 MiB boundary (2048 512-byte sectors).
238 .SH NOTES ON PASSWORD PROCESSING
239 \fIFrom a terminal\fR: Password processing is new-line sensitive, meaning the reading will stop after encountering \\n. It will process the read material (without newline) with the default hash or the hash given by \-\-hash. After hashing, it will be cropped to the key size given by \-s.
241 \fIFrom stdin\fR: Reading will continue until EOF (so using e.g. /dev/random as stdin will not work), with the trailing newline stripped. After that the read data will be hashed with the default hash or the hash given by \-\-hash and the result will be cropped to the keysize given by \-s. If "plain" is used as an argument to the hash option, the input data will not be hashed.
242 Instead, it will be zero padded (if shorter than the keysize) or truncated (if longer than the keysize) and used directly as the key. No warning will be given if the amount of data read from stdin is less than the keysize.
244 \fIFrom a key file\fR: It will be cropped to the size given by \-s. If there is insufficient key material in the key file, cryptsetup will quit with an error.
246 If \-\-key-file=- is used for reading the key from stdin, no trailing newline is stripped from the input. Without that option, cryptsetup strips trailing newlines from stdin input.
247 .SH NOTES ON PASSWORD PROCESSING FOR LUKS
248 LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898).
250 LUKS will always do an exhaustive password reading. Hence, password can not be read from /dev/random, /dev/zero or any other stream that does not terminate.
252 For any password creation action (luksAddKey, or luksFormat), the user may specify how much the time the password processing should consume.
253 Increasing the time will lead to a more secure password, but also will take luksOpen longer to complete. The default setting of one second is sufficient for good security.
254 .SH INCOHERENT BEHAVIOUR FOR INVALID PASSWORDS/KEYS
255 LUKS checks for a valid password or key when an encrypted partition is unlocked. Thus the luksOpen action fails with invalid password or key, contrary to the plain dm-crypt create action.
257 Please also be sure that you are using the same keyboard and language setting as during device format.
258 .SH NOTES ON SUPPORTED CIPHERS, MODES, HASHES AND KEY SIZES
259 The available combinations of ciphers, modes, hashes and key sizes depend on kernel support. See /proc/crypto for a list of available options. You might need to load additional kernel crypto modules in order to get more options.
261 For \-\-hash option all algorithms supported by gcrypt library are available.
262 .SH NOTES ON PASSWORDS
263 Mathematics can't be bribed. Make sure you keep your passwords safe. There are a few nice tricks for constructing a fallback, when suddenly out of (or after being) blue, your brain refuses to cooperate. These fallbacks are possible with LUKS, as it's only possible with LUKS to have multiple passwords.
265 Random Number Generator (RNG) used in cryptsetup always uses kernel RNG without
266 any modifications or additions to data stream procudes by kernel (like internal
267 random pool operations or mixing with the other random sources).
269 There are two types of randomness cryptsetup/LUKS needs. One type (which always
270 uses /dev/urandom) is used for salt, AF splitter and for wiping removed
273 Second type is used for volume (master) key. You can switch between
274 using /dev/random and /dev/urandom here, see \fP--use-random\fR and \fP--use-urandom\fR
275 options. Using /dev/random on system without enough entropy sources
276 can cause \fPluksFormat\fR to block until the requested amount of random data is gathered.
277 See \fPurandom(4)\fR for more information.
279 cryptsetup is written by Christophe Saout <christophe@saout.de>
281 LUKS extensions, and man page by Clemens Fruhwirth <clemens@endorphin.org>
282 .SH "COMPATABILITY WITH OLD SUSE TWOFISH PARTITIONS"
283 To read images created with SuSE Linux 9.2's loop_fish2 use \-\-cipher
284 twofish-cbc-null \-s 256 \-h sha512, for images created with even
285 older SuSE Linux use \-\-cipher twofish-cbc-null \-s 192 \-h
288 .SH DEPRECATED ACTIONS
290 \fIreload\fR <name> <device>
292 modifies an active mapping <name>. Same options as for
295 Do not use this for LUKS devices, as the semantics
296 are identical to the create action, which are totally incompatible
297 with the LUKS key setup.
299 This action is deprected because it proved to be rarely useful. It is
300 uncommon to change the underlying device, key, or offset on the
301 fly. In case, you really want to do this, you certainly know what you
302 are doing and then you are probably better off with the swiss knive
303 tool for device mapper, namely dmsetup. It provides you with the same
304 functionality, see dmsetup reload.
306 \fIluksDelKey\fR <device> <key slot number>
308 identical to luksKillSlot, but deprecated action name. This option was
309 renamed, as we introduced luksRemoveKey, a softer method for disabling
310 password slots. To make a clear distinction that luksDelKey was more brutal than luksRemoveKey
312 \fI\-\-non-exclusive\fR
314 This option is ignored. Non-exclusive access to the same block device
315 can cause data corruption thus this mode is no longer supported by cryptsetup.
318 Report bugs to <dm-crypt@saout.de> or Issues section on LUKS website.
319 Please attach output of failed command with added \-\-debug option.
321 Copyright \(co 2004 Christophe Saout
323 Copyright \(co 2004-2006 Clemens Fruhwirth
325 Copyright \(co 2009-2010 Red Hat, Inc.
327 This is free software; see the source for copying conditions. There is NO
328 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
331 dm-crypt website, \fBhttp://www.saout.de/misc/dm-crypt/\fR
333 LUKS website, \fBhttp://code.google.com/p/cryptsetup/\fR
335 dm-crypt TWiki, \fBhttp://www.saout.de/tikiwiki/tiki-index.php\fR