creates a mapping with <name> backed by device <device>.
\fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify-passphrase,
-\-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly]
+\-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-size, \-\-readonly]
.PP
\fIremove\fR <name>
.IP
N.B. If key file is in GPG encrypted format, you have to use
\-\-key-file=- and decrypt it before use.
-gpg --decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name>
+gpg \-\-decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name>
Use \fB\-\-key-file\fR to specify proper key length, default compiled-in
parameters are visible in \fB\-\-help\fR output.
and not used it in IV sector calculations, you have to explicitly use
\fB\-\-skip 0\fR in addition to offset parameter.
-\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly].
+Use \fB\-\-hash\fR to override hash function for password hashing
+(otherwise it is detected according to key size).
+
+\fB<options>\fR can be [\-\-key-file, \-\-key-size, \-\-offset, \-\-skip,
+\-\-hash, \-\-readonly].
.PP
\fIloopaesClose\fR <name>
.IP
Run in debug mode with full diagnostic logs.
.TP
.B "\-\-hash, \-h"
-For \fIcreate\fR action specifies hash to use for password hashing.
+For \fIcreate\fR and \fIloopaesOpen\fR action specifies hash to use for password hashing.
For \fIluksFormat\fR action specifies hash used in LUKS key setup scheme
and volume key digest.
If not changed, the default is for plain dm-crypt and LUKS mappings
"aes-cbc-essiv:sha256".
-For pre-2.6.10 kernels, use "aes-plain" as they don't understand
-the new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
-
For XTS mode, kernel version 2.6.24 or more recent is required.
-Use "aes-xts-plain" cipher specification and set key size to 256
+Use "aes-xts-plain64" cipher specification and set key size to 256
(or 512) bits (see \-s option).
+Note that plain64 IV (Initialization Vector) is available since kernel version 2.6.33
+and it is full 64bit version of plain IV. For more info please see FAQ.
.TP
.B "\-\-verify-passphrase, \-y"
query for passwords twice. Useful when creating a (regular) mapping
Hence, if \-\-offset \fIn\fR, sector \fIn\fR will be the first sector
on the mapping with IV \fI0\fR. Using \-\-skip would have resulted in sector
\fIn\fR being the first sector also, but with IV \fIn\fR.
-This option is only relevant for \fIcreate\fR action.
+This option is only relevant for \fIcreate\fR and \fIloopaesOpen\fR action.
.TP
.B "\-\-readonly"
set up a read-only mapping.
.TP
.B "\-\-version"
Show the version.
+.SH RETURN CODES
+Crypsetup returns 0 on success or non-zero on error.
+
+Error codes are: 1 wrong parameters, 2 no permission (bad passphrase),
+3 out of memory, 4 wrong device specified, 5 device already exists
+or device is busy.
.SH NOTES ON PASSWORD PROCESSING FOR PLAIN MODE
\fBFrom a terminal\fR: Password processing is new-line sensitive,
meaning the reading will stop after encountering \\n.
keyslot.
Second type is used for volume (master) key. You can switch between
-using /dev/random and /dev/urandom here, see \fP--use-random\fR and \fP--use-urandom\fR
+using /dev/random and /dev/urandom here, see \fP\-\-use-random\fR and \fP\-\-use-urandom\fR
options. Using /dev/random on system without enough entropy sources
can cause \fPluksFormat\fR to block until the requested amount of random data is gathered.
See \fPurandom(4)\fR for more information.