# cryptsetup `cryptsetup` is a command-line utility used for managing disk encryption on Linux systems. It is primarily used with LUKS (Linux Unified Key Setup), a standard for disk encryption that provides support for encrypting entire block devices such as hard drives and partitions. ### Key Features * **LUKS Support**: Provides support for LUKS, allowing for the secure encryption of disk volumes. * **Volume Management**: Facilitates the creation, opening, closing, and removal of encrypted volumes. * **Multiple Encryption Methods**: Supports a variety of encryption algorithms and modes. * **Password Management**: Manages passphrases for encrypted volumes and allows key slot management. ### Basic Usage The general syntax for `cryptsetup` is: ```sh cryptsetup [command] [options] [arguments] ``` * **`[command]`**: The operation to perform (e.g., `luksFormat`, `open`, `close`). * **`[options]`**: Command-specific options. * **``**: The block device or file to operate on (e.g., `/dev/sda1`, `/dev/mapper/my_volume`). ### Common Commands and Options #### 1. `luksFormat` Formats a device with LUKS encryption. ```sh cryptsetup luksFormat /dev/sdX ``` * **`/dev/sdX`**: The block device to format. Options: * **`--cipher `**: Specifies the encryption cipher (e.g., `aes-xts-plain64`). * **`--hash `**: Specifies the hash function for key derivation (e.g., `sha256`). * **`--key-size `**: Sets the size of the encryption key. #### 2. `luksOpen` Opens an encrypted device and maps it to a virtual device. ```sh cryptsetup luksOpen /dev/sdX my_volume ``` * **`/dev/sdX`**: The encrypted block device. * **`my_volume`**: The name for the mapped virtual device. Options: * **`--key-file `**: Specifies a file containing the passphrase. * **`--key-slot `**: Selects a specific key slot for opening the volume. #### 3. `luksClose` Closes an open encrypted device. ```sh cryptsetup luksClose my_volume ``` * **`my_volume`**: The name of the mapped virtual device to close. #### 4. `luksAddKey` Adds a new passphrase to an existing encrypted device. ```sh cryptsetup luksAddKey /dev/sdX ``` * Prompts for the existing passphrase and the new passphrase to add. Options: * **`--key-file `**: Specifies a file containing the new passphrase. #### 5. `luksRemoveKey` Removes an existing passphrase from an encrypted device. ```sh cryptsetup luksRemoveKey /dev/sdX ``` * Prompts for the passphrase to remove. Options: * **`--key-file `**: Specifies a file containing the passphrase to remove. #### 6. `luksDump` Displays information about a LUKS-encrypted device. ```sh cryptsetup luksDump /dev/sdX ``` * **`/dev/sdX`**: The encrypted block device. ### Advanced Features * **LUKS2 Support**: `cryptsetup` supports LUKS2, an updated version of LUKS with additional features and improved security. * **Key Management**: Manage multiple key slots, allowing different passphrases to access the same encrypted volume. * **Device Mapper Integration**: Works with the device mapper to provide transparent encryption. ### Examples #### Format a Device with LUKS ```sh cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 /dev/sdX ``` Formats `/dev/sdX` with AES encryption using a 512-bit key. #### Open an Encrypted Device ```sh cryptsetup luksOpen /dev/sdX my_volume ``` Maps the encrypted device `/dev/sdX` to `/dev/mapper/my_volume`. #### Close an Encrypted Device ```sh cryptsetup luksClose my_volume ``` Unmaps `/dev/mapper/my_volume` and closes the encrypted device. ### Summary `cryptsetup` is a versatile and essential tool for managing disk encryption on Linux systems. It supports LUKS and various encryption options, making it suitable for securing data on both physical and virtual disks. By understanding its commands and options, users can effectively create, manage, and secure encrypted volumes. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://linux-tutorial-cli.gitbook.io/linux-cli-tutorial/txt-files/file-systems-cocepts/lpic2-201/cryptsetup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.