{ "content": [ { "type": "text", "text": "# cryptsetup (man)\n\n## NAME\n\ncryptsetup - manage plain dm-crypt and LUKS encrypted volumes\n\n## DESCRIPTION\n\ncryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings. These in‐\nclude plain dm-crypt volumes and LUKS volumes. The difference is that LUKS uses a metadata\nheader and can hence offer more features than plain dm-crypt. On the other hand, the header\nis visible and vulnerable to damage.\n\n## TLDR\n\n> Manage plain `dm-crypt` and LUKS (Linux Unified Key Setup) encrypted volumes.\n\n- Initialize a LUKS volume with a passphrase (overwrites all data on the partition):\n `cryptsetup luksFormat {{/dev/sdXY}}`\n- Open a LUKS volume and create a decrypted mapping at `/dev/mapper/mapping_name`:\n `cryptsetup open {{/dev/sdXY}} {{mapping_name}}`\n- Display information about a mapping:\n `cryptsetup status {{mapping_name}}`\n- Remove an existing mapping:\n `cryptsetup close {{mapping_name}}`\n- Change a LUKS volume's passphrase:\n `cryptsetup luksChangeKey {{/dev/sdXY}}`\n- Display LUKS header information and key slot metadata of an encrypted device:\n `cryptsetup luksDump {{/dev/sdXY}}`\n\n*Source: tldr-pages*\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS** (1 subsections)\n- **DESCRIPTION** (1 subsections)\n- **WARNINGS**\n- **BASIC ACTIONS**\n- **PLAIN MODE**\n- **LUKS EXTENSION** (3 subsections)\n- **MISCELLANEOUS**\n- **OPTIONS** (70 subsections)\n- **EXAMPLE** (1 subsections)\n- **RETURN CODES**\n- **NOTES ON PASSPHRASE PROCESSING FOR PLAIN MODE**\n- **NOTES ON PASSPHRASE PROCESSING FOR LUKS**\n- **INCOHERENT BEHAVIOR FOR INVALID PASSPHRASES/KEYS** (1 subsections)\n- **NOTES ON PASSPHRASES**\n- **NOTES ON RANDOM NUMBER GENERATORS** (1 subsections)\n- **NOTES ON LOOPBACK DEVICE USE** (1 subsections)\n- **DEPRECATED ACTIONS**\n- **REPORTING BUGS**\n- **AUTHORS**\n- **COPYRIGHT**\n- **SEE ALSO** (1 subsections)\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "cryptsetup", "section": "", "mode": "man", "summary": "cryptsetup - manage plain dm-crypt and LUKS encrypted volumes", "synopsis": "", "tldr_summary": "Manage plain `dm-crypt` and LUKS (Linux Unified Key Setup) encrypted volumes.", "tldr_examples": [ { "description": "Initialize a LUKS volume with a passphrase (overwrites all data on the partition)", "command": "cryptsetup luksFormat {{/dev/sdXY}}" }, { "description": "Open a LUKS volume and create a decrypted mapping at `/dev/mapper/mapping_name`", "command": "cryptsetup open {{/dev/sdXY}} {{mapping_name}}" }, { "description": "Display information about a mapping", "command": "cryptsetup status {{mapping_name}}" }, { "description": "Remove an existing mapping", "command": "cryptsetup close {{mapping_name}}" }, { "description": "Change a LUKS volume's passphrase", "command": "cryptsetup luksChangeKey {{/dev/sdXY}}" }, { "description": "Display LUKS header information and key slot metadata of an encrypted device", "command": "cryptsetup luksDump {{/dev/sdXY}}" } ], "tldr_source": "official", "flags": [ { "flag": "-v", "long": "--verbose", "arg": null, "description": "Print more information on command execution." }, { "flag": "", "long": "--debug-json", "arg": null, "description": "Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by '#'. If --debug-json is used, additional LUKS2 JSON data structures are printed." }, { "flag": "", "long": "--type", "arg": "", "description": "Specifies required device type, for more info read BASIC ACTIONS section. --hash, -h Specifies the passphrase hash for open (for plain and loopaes device types). Specifies the hash used in the LUKS key setup scheme and volume key digest for luks‐ Format. The specified hash is used as hash-parameter for PBKDF2 and for the AF split‐ ter. The specified hash name is passed to the compiled-in crypto backend. Different back‐ ends may support different hashes. For luksFormat, the hash algorithm must provide at least 160 bits of output, which excludes, e.g., MD5. Do not use a non-crypto hash like \"crc32\" as this breaks security. Values compatible with old version of cryptsetup are \"ripemd160\" for open --type plain and \"sha1\" for luksFormat. Use cryptsetup --help to show the defaults. --cipher, -c Set the cipher specification string. cryptsetup --help shows the compiled-in defaults. The current default in the distrib‐ uted sources is \"aes-cbc-essiv:sha256\" for plain dm-crypt and \"aes-xts-plain64\" for LUKS. If a hash is part of the cipher specification, then it is used as part of the IV gen‐ eration. For example, ESSIV needs a hash function, while \"plain64\" does not and hence none is specified. For XTS mode you can optionally set a key size of 512 bits with the -s option. Key size for XTS mode is twice that for other modes for the same security level. XTS mode requires kernel 2.6.24 or later and plain64 requires kernel 2.6.33 or later. More information can be found in the FAQ." }, { "flag": "-y", "long": "--verify-passphrase", "arg": null, "description": "When interactively asking for a passphrase, ask for it twice and complain if both in‐ puts do not match. Advised when creating a regular mapping for the first time, or when running luksFormat. Ignored on input from file or stdin. --key-file, -d name Read the passphrase from file. If the name given is \"-\", then the passphrase will be read from stdin. In this case, reading will not stop at newline characters. With LUKS, passphrases supplied via --key-file are always the existing passphrases re‐ quested by a command, except in the case of luksFormat where --key-file is equivalent to the positional key file argument. If you want to set a new passphrase via key file, you have to use a positional argu‐ ment to luksAddKey. See section NOTES ON PASSPHRASE PROCESSING for more information. --keyfile-offset value Skip value bytes at the beginning of the key file. Works with all commands that ac‐ cept key files. --keyfile-size, -l value Read a maximum of value bytes from the key file. The default is to read the whole file up to the compiled-in maximum that can be queried with --help. Supplying more data than the compiled-in maximum aborts the operation. This option is useful to cut trailing newlines, for example. If --keyfile-offset is also given, the size count starts after the offset. Works with all commands that ac‐ cept key files. --new-keyfile-offset value Skip value bytes at the start when adding a new passphrase from key file with luksAdd‐ Key. --new-keyfile-size value Read a maximum of value bytes when adding a new passphrase from key file with luksAdd‐ Key. The default is to read the whole file up to the compiled-in maximum length that can be queried with --help. Supplying more than the compiled in maximum aborts the operation. When --new-keyfile-offset is also given, reading starts after the offset." }, { "flag": "", "long": "--master-key-file", "arg": null, "description": "Use a master key stored in a file. For luksFormat this allows creating a LUKS header with this specific master key. If the master key was taken from an existing LUKS header and all other parameters are the same, then the new header decrypts the data encrypted with the header the master key was taken from. Action luksDump together with --dump-master-key option: The volume (master) key is stored in a file instead of being printed out to standard output. WARNING: If you create your own master key, you need to make sure to do it right. Oth‐ erwise, you can end up with a low-entropy or otherwise partially predictable master key which will compromise security. For luksAddKey this allows adding a new passphrase without having to know an existing one. For open this allows one to open the LUKS device without giving a passphrase." }, { "flag": "", "long": "--dump-json-metadata", "arg": null, "description": "For luksDump (LUKS2 only) this option prints content of LUKS2 header JSON metadata area." }, { "flag": "", "long": "--dump-master-key", "arg": null, "description": "For luksDump this option includes the master key in the displayed information. Use with care, as the master key can be used to bypass the passphrases, see also option --master-key-file." }, { "flag": "", "long": "--json-file", "arg": null, "description": "Read token json from a file or write token to it. See token action for more informa‐ tion. --json-file=- reads json from standard input or writes it to standard output re‐ spectively." }, { "flag": "", "long": "--use-random", "arg": null, "description": "" }, { "flag": "", "long": "--use-urandom", "arg": null, "description": "For luksFormat these options define which kernel random number generator will be used to create the master key (which is a long-term key). See NOTES ON RANDOM NUMBER GENERATORS for more information. Use cryptsetup --help to show the compiled-in default random number generator. WARNING: In a low-entropy situation (e.g. in an embedded system), both selections are problematic. Using /dev/urandom can lead to weak keys. Using /dev/random can block a long time, potentially forever, if not enough entropy can be harvested by the kernel." }, { "flag": "-S", "long": "--key-slot", "arg": "<0-N>", "description": "For LUKS operations that add key material, this options allows you to specify which key slot is selected for the new key. This option can be used for luksFormat, and luksAddKey. In addition, for open, this option selects a specific key-slot to compare the passphrase against. If the given passphrase would only match a different key-slot, the operation fails. Maximum number of key slots depends on LUKS version. LUKS1 can have up to 8 key slots. LUKS2 can have up to 32 key slots based on key slot area size and key size, but a valid key slot ID can always be between 0 and 31 for LUKS2." }, { "flag": "-s", "long": "--key-size", "arg": "", "description": "Sets key size in bits. The argument has to be a multiple of 8. The possible key-sizes are limited by the cipher and mode used. See /proc/crypto for more information. Note that key-size in /proc/crypto is stated in bytes. This option can be used for open --type plain or luksFormat. All other LUKS actions will use the key-size specified in the LUKS header. Use cryptsetup --help to show the compiled-in defaults." }, { "flag": "-b", "long": "--size", "arg": null, "description": "Set the size of the device in sectors of 512 bytes. This option is only relevant for the open and resize actions." }, { "flag": "-o", "long": "--offset", "arg": null, "description": "Start offset in the backend device in 512-byte sectors. This option is only relevant for the open action with plain or loopaes device types or for LUKS devices in luksFor‐ mat. For LUKS, the --offset option sets the data offset (payload) of data device and must be be aligned to 4096-byte sectors (must be multiple of 8). This option cannot be combined with --align-payload option." }, { "flag": "-p", "long": "--skip", "arg": null, "description": "Start offset used in IV calculation in 512-byte sectors (how many sectors of the en‐ crypted data to skip at the beginning). This option is only relevant for the open ac‐ tion with plain or loopaes device types. Hence, if --offset n, and --skip s, sector n (the first sector of the encrypted de‐ vice) will get a sector number of s for the IV calculation. --device-size size[units] Instead of real device size, use specified value. With reencrypt action it means that only specified area (from the start of the device to the specified size) will be reencrypted. With resize action it sets new size of the device. If no unit suffix is specified, the size is in bytes. Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB) for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale). WARNING: This is destructive operation when used with reencrypt command." }, { "flag": "-r", "long": "--readonly", "arg": null, "description": "set up a read-only mapping." }, { "flag": "", "long": "--shared", "arg": null, "description": "Creates an additional mapping for one common ciphertext device. Arbitrary mappings are supported. This option is only relevant for the open --type plain action. Use --off‐ set, --size and --skip to specify the mapped area." }, { "flag": "", "long": "--pbkdf", "arg": null, "description": "Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot. The PBKDF can be: pbkdf2 (for PBKDF2 according to RFC2898), argon2i for Argon2i or ar‐ gon2id for Argon2id (see https://www.cryptolux.org/index.php/Argon2 for more info). For LUKS1, only PBKDF2 is accepted (no need to use this option). The default PBKDF2 for LUKS2 is set during compilation time and is available in cryptsetup --help output. A PBKDF is used for increasing dictionary and brute-force attack cost for keyslot passwords. The parameters can be time, memory and parallel cost. For PBKDF2, only time cost (number of iterations) applies. For Argon2i/id, there is also memory cost (memory required during the process of key derivation) and parallel cost (number of threads that run in parallel during the key derivation. Note that increasing memory cost also increases time, so the final parameter values are measured by a benchmark. The benchmark tries to find iteration time (--iter-time) with required memory cost --pbkdf-memory. If it is not possible, the memory cost is decreased as well. The parallel cost --pbkdf-parallel is constant and is checked against available CPU cores. You can see all PBKDF parameters for particular LUKS2 keyslot with luksDump command. NOTE: If you do not want to use benchmark and want to specify all parameters directly, use --pbkdf-force-iterations with --pbkdf-memory and --pbkdf-parallel. This will override the values without benchmarking. Note it can cause extremely long unlocking time. Use only in specific cases, for example, if you know that the formatted device will be used on some small embedded system. MINIMAL AND MAXIMAL PBKDF COSTS: For PBKDF2, the minimum iteration count is 1000 and maximum is 4294967295 (maximum for 32bit unsigned integer). Memory and parallel costs are unused for PBKDF2. For Argon2i and Argon2id, minimum iteration count (CPU cost) is 4 and maximum is 4294967295 (maximum for 32bit unsigned integer). Minimum memory cost is 32 KiB and maximum is 4 GiB. (Limited by addresable memory on some CPU plat‐ forms.) If the memory cost parameter is benchmarked (not specified by a parameter) it is always in range from 64 MiB to 1 GiB. The parallel cost minimum is 1 and maximum 4 (if enough CPUs cores are available, otherwise it is decreased)." }, { "flag": "-i", "long": "--iter-time", "arg": null, "description": "The number of milliseconds to spend with PBKDF passphrase processing. This option is only relevant for LUKS operations that set or change passphrases, such as luksFormat or luksAddKey. Specifying 0 as parameter selects the compiled-in default." }, { "flag": "", "long": "--pbkdf-memory", "arg": "", "description": "Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes). Note that it is maximal value, PBKDF benchmark or available physical memory can decrease it. This option is not available for PBKDF2." }, { "flag": "", "long": "--pbkdf-parallel", "arg": "", "description": "Set the parallel cost for PBKDF (number of threads, up to 4). Note that it is maximal value, it is decreased automatically if CPU online count is lower. This option is not available for PBKDF2." }, { "flag": "", "long": "--pbkdf-force-iterations", "arg": "", "description": "Avoid PBKDF benchmark and set time cost (iterations) directly. It can be used for LUKS/LUKS2 device only. See --pbkdf option for more info." }, { "flag": "-q", "long": "--batch-mode", "arg": null, "description": "Suppresses all confirmation questions. Use with care! If the -y option is not specified, this option also switches off the passphrase veri‐ fication for luksFormat." }, { "flag": "", "long": "--progress-frequency", "arg": "", "description": "Print separate line every with wipe progress." }, { "flag": "-t", "long": "--timeout", "arg": null, "description": "The number of seconds to wait before timeout on passphrase input via terminal. It is relevant every time a passphrase is asked, for example for open, luksFormat or luksAd‐ dKey. It has no effect if used in conjunction with --key-file. This option is useful when the system should not stall if the user does not input a passphrase, e.g. during boot. The default is a value of 0 seconds, which means to wait forever." }, { "flag": "-T", "long": "--tries", "arg": null, "description": "How often the input of the passphrase shall be retried. This option is relevant every time a passphrase is asked, for example for open, luksFormat or luksAddKey. The de‐ fault is 3 tries." }, { "flag": "", "long": "--align-payload", "arg": null, "description": "Align payload at a boundary of value 512-byte sectors. This option is relevant for luksFormat. If not specified, cryptsetup tries to use the topology info provided by the kernel for the underlying device to get the optimal alignment. If not available (or the calcu‐ lated value is a multiple of the default) data is by default aligned to a 1MiB bound‐ ary (i.e. 2048 512-byte sectors). For a detached LUKS header, this option specifies the offset on the data device. See also the --header option. WARNING: This option is DEPRECATED and has often unexpected impact to the data offset and keyslot area size (for LUKS2) due to the complex rounding. For fixed data device offset use --offset option instead. --uuid=UUID Use the provided UUID for the luksFormat command instead of generating a new one. Changes the existing UUID when used with the luksUUID command. The UUID must be provided in the standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc." }, { "flag": "", "long": "--allow-discards", "arg": null, "description": "Allow the use of discard (TRIM) requests for the device. This option is only relevant for open action. This is also not supported for LUKS2 devices with data integrity protection. WARNING: This command can have a negative security impact because it can make filesys‐ tem-level operations visible on the physical device. For example, information leaking filesystem type, used space, etc. may be extractable from the physical device if the discarded blocks can be located later. If in doubt, do not use it. A kernel version of 3.1 or later is needed. For earlier kernels, this option is ig‐ nored. --perf-samecpucrypt Perform encryption using the same cpu that IO was submitted on. The default is to use an unbound workqueue so that encryption work is automatically balanced between avail‐ able CPUs. This option is only relevant for open action. NOTE: This option is available only for low-level dm-crypt performance tuning, use only if you need a change to default dm-crypt behaviour. Needs kernel 4.0 or later. --perf-submitfromcryptcpus Disable offloading writes to a separate thread after encryption. There are some situ‐ ations where offloading write bios from the encryption threads to a single thread de‐ grades performance significantly. The default is to offload write bios to the same thread. This option is only relevant for open action. NOTE: This option is available only for low-level dm-crypt performance tuning, use only if you need a change to default dm-crypt behaviour. Needs kernel 4.0 or later. --perf-noreadworkqueue, --perf-nowriteworkqueue Bypass dm-crypt internal workqueue and process read or write requests synchronously. This option is only relevant for open action. NOTE: These options are available only for low-level dm-crypt performance tuning, use only if you need a change to default dm-crypt behaviour. Needs kernel 5.9 or later." }, { "flag": "", "long": "--test-passphrase", "arg": null, "description": "Do not activate the device, just verify passphrase. This option is only relevant for open action (the device mapping name is not mandatory if this option is used). --header Use a detached (separated) metadata device or file where the LUKS header is stored. This option allows one to store ciphertext and LUKS header on different devices. This option is only relevant for LUKS devices and can be used with the luksFormat, open, luksSuspend, luksResume, status and resize commands. For luksFormat with a file name as the argument to --header, the file will be automat‐ ically created if it does not exist. See the cryptsetup FAQ for header size calcula‐ tion. For other commands that change the LUKS header (e.g. luksAddKey), specify the device or file with the LUKS header directly as the LUKS device. If used with luksFormat, the --align-payload option is taken as absolute sector align‐ ment on ciphertext device and can be zero. WARNING: There is no check whether the ciphertext device specified actually belongs to the header given. In fact, you can specify an arbitrary device as the ciphertext de‐ vice for open with the --header option. Use with care." }, { "flag": "", "long": "--header-backup-file", "arg": "", "description": "Specify file with header backup for luksHeaderBackup or luksHeaderRestore actions." }, { "flag": "", "long": "--force-password", "arg": null, "description": "Do not use password quality checking for new LUKS passwords. This option applies only to luksFormat, luksAddKey and luksChangeKey and is ignored if cryptsetup is built without password quality checking support. For more info about password quality check, see the manual page for pwquality.conf(5) and passwdqc.conf(5)." }, { "flag": "", "long": "--deferred", "arg": null, "description": "Defers device removal in close command until the last user closes it." }, { "flag": "", "long": "--cancel-deferred", "arg": null, "description": "Removes a previously configured deferred device removal in close command." }, { "flag": "", "long": "--disable-external-tokens", "arg": null, "description": "Disable loading of plugins for external LUKS2 tokens." }, { "flag": "", "long": "--disable-locks", "arg": null, "description": "Disable lock protection for metadata on disk. This option is valid only for LUKS2 and ignored for other formats. WARNING: Do not use this option unless you run cryptsetup in a restricted environment where locking is impossible to perform (where /run directory cannot be used)." }, { "flag": "", "long": "--disable-keyring", "arg": null, "description": "Do not load volume key in kernel keyring and store it directly in the dm-crypt target instead. This option is supported only for the LUKS2 format." }, { "flag": "", "long": "--key-description", "arg": "", "description": "Set key description in keyring for use with token command." }, { "flag": "", "long": "--priority", "arg": "", "description": "Set a priority for LUKS2 keyslot. The prefer priority marked slots are tried before normal priority. The ignored priority means, that slot is never used, if not explic‐ itly requested by --key-slot option." }, { "flag": "", "long": "--token-id", "arg": null, "description": "Specify what token to use in actions token, open or resize. If omitted, all available tokens will be checked before proceeding further with passphrase prompt." }, { "flag": "", "long": "--token-only", "arg": null, "description": "Do not proceed further with action (any of token, open or resize) if token activation failed. Without the option, action asks for passphrase to proceed further." }, { "flag": "", "long": "--token-type", "arg": null, "description": "Restrict tokens eligible for operation to specific token type (name). Mostly useful when no --token-id is specified." }, { "flag": "", "long": "--sector-size", "arg": "", "description": "Set sector size for use with disk encryption. It must be power of two and in range 512 - 4096 bytes. This option is available only in the LUKS2 or plain modes. The default for plain mode is 512 bytes. For LUKS2 devices it's established during luksFormat operation based on parameters provided by underlying data device. For na‐ tive 4K block devices it's 4096 bytes. For 4K/512e (4K physical sector size with 512 bytes emulation) it's 4096 bytes. For drives reporting only 512 bytes block size it remains 512 bytes. If data device is regular file put in filesystem it's 4096 bytes. Note that if sector size is higher than underlying device hardware sector and there is not integrity protection that uses data journal, using this option can increase risk on incomplete sector writes during a power fail. If used together with --integrity option and dm-integrity journal, the atomicity of writes is guaranteed in all cases (but it cost write performance - data has to be written twice). Increasing sector size from 512 bytes to 4096 bytes can provide better performance on most of the modern storage devices and also with some hw encryption accelerators." }, { "flag": "", "long": "--iv-large-sectors", "arg": null, "description": "Count Initialization Vector (IV) in larger sector size (if set) instead of 512 bytes sectors. This option can be used only for open command and plain encryption type. NOTE: This option does not have any performance or security impact, use it only for accessing incompatible existing disk images from other systems that require this op‐ tion." }, { "flag": "", "long": "--persistent", "arg": null, "description": "If used with LUKS2 devices and activation commands like open or refresh, the specified activation flags are persistently written into metadata and used next time automati‐ cally even for normal activation. (No need to use cryptab or other system configura‐ tion files.) If you need to remove a persistent flag, use --persistent without the flag you want to remove (e.g. to disable persistently stored discard flag, use --persistent without --allow-discards). Only --allow-discards, --perf-samecpucrypt, --perf-submitfromcryptcpus, --perf-noreadworkqueue, --perf-nowriteworkqueue and --integrity-no-journal can be stored persistently." }, { "flag": "", "long": "--refresh", "arg": null, "description": "Refreshes an active device with new set of parameters. See action refresh description for more details." }, { "flag": "", "long": "--label", "arg": "