cryptsetup

linux

Manage plain `dm-crypt` and LUKS (Linux Unified Key Setup) encrypted volumes. Some subcommands such as `luksFormat` have their own usage documentation.

More info →

Subcommands (2)

cryptsetup luksFormat

Initialize a LUKS partition and the initial key slot (0) with a passphrase or keyfile. Note: This operation overwrites all data on the partition.

→

cryptsetup open

Create a decrypted mapping of an encrypted volume. Note: With TRIM enabled, minimal data leakage in form of freed block information, perhaps sufficient to determine the filesystem in use may occur. However, you still most likely want to enable it, because the data inside is still safe and SSDs without TRIM will wear out faster.

→

Examples (6)

Initialize a LUKS volume with a passphrase (overwrites all data on the partition)

cryptsetup luksFormat /dev/sdXY

Open a LUKS volume and create a decrypted mapping at `/dev/mapper/mapping_name`

cryptsetup open /dev/sdXY mapping_name

Display information about a mapping

cryptsetup status mapping_name

Remove an existing mapping

cryptsetup close mapping_name

Change a LUKS volume's passphrase

cryptsetup luksChangeKey /dev/sdXY

Display LUKS header information and key slot metadata of an encrypted device

cryptsetup luksDump /dev/sdXY

made by @shridhargupta | data from tldr-pages