Debian cryptsetup boot

This can be used to disable the cryptsetup initramfs scripts for a particular boot. The initramfs scripts will also try to automatically determine the devices, if any, that are used for software suspend swsusp, suspend2 or uswsusp and to set them up during the initramfs stage in order to allow suspend and resume in combination with encryption to keep the resume image safe from potential attackers.

The same applies if you luksFormat the device, even if you use the same passphrase s. A LUKS header backup, or better a backup of the data on the derived device may be a good idea. See the Cryptsetup FAQ on how to do this right. That behavior is the default for LUKS2 devices unless opened with the --disable-keyring option since Linux 4.

If you have a keyfile on a removable device e. It will wait for the device to appear, mount it read-only, read the key and then unmount the device. If any modules are required in order to mount the filesystem on the removable device, then initramfs-tools needs to be configured to add these modules to the initramfs.

Create a file system on the mapped device. See Avoiding the extra password prompt for details and a proposed workaround. Alternatively, it can be moved to the root file system, assuming the latter is not held by any LUKS2 device. The initramfs prompt strings in this sub-section indicates commands that are executed from an initramfs shell.

Also, if you have valuable data in the root partition, then make sure you have a backup at least of the LUKS header! However if the device was created with the default parameters then in-place conversion will fail:.

The moving operation can be done from the normal system. And of course, making low entropy passphrases twice as easy to brute-force. There is a trade-off to be made here. You can reuse the existing passphrase in the above prompts. Use cryptsetup --help to show the compiled-in default random number generator. This option can be used for open --type plain or luksFormat.

Use cryptsetup --help to show the compiled-in defaults. Hence, if --offset n , and --skip s , sector n the first sector of encrypted device will get a sector number of s for the IV calculation. If the -y option is not specified, this option also switches off the passphrase verification for luksFormat. If not specified, cryptsetup tries to use the topology info provided by kernel for the underlying device to get optimal alignment.

If not available or the calculated value is a multiple of the default data is by default aligned to a 1MiB boundary i. For a detached LUKS header this option specifies the offset on the data device. See also the --header option. WARNING: This command can have a negative security impact because it can make filesystem-level operations visible on the physical device. For example, information leaking filesystem type, used space, etc. If in doubt, do not use it. A kernel version of 3.

For earlier kernels this option is ignored. NOTE: This option is available only for low-level dm-crypt performance tuning, use only if you need a change to default dm-crypt behaviour. Needs kernel 4. This option is only relevant for LUKS devices and can be used with the luksFormat , open , luksSuspend , luksResume , status and resize commands.

For luksFormat with a file name as argument to --header, it has to exist and be large enough to contain the LUKS header. See the cryptsetup FAQ for header size calculation. For other commands that change the LUKS header e. If used with luksFormat , the --align-payload option is taken as absolute sector alignment on ciphertext device and can be zero.

In fact you can specify an arbitrary device as the ciphertext device for open with the --header option. Use with care. This option applies only to luksFormat , luksAddKey and luksChangeKey and is ignored if cryptsetup is built without password quality checking support.

For more info about password quality check, see manual page for pwquality. Error codes are: 1 wrong parameters, 2 no permission bad passphrase , 3 out of memory, 4 wrong device specified, 5 device already exists or device is busy.

From a terminal : The passphrase is read until the first newline, i. The input without the newline character is processed with the default hash or the hash specified with --hash. The hash result will be truncated to the key size of the used cipher, or the size specified with -s. From stdin : Reading will continue until a newline or until the maximum input size is reached , with the trailing newline stripped.

The maximum input size is defined by the same compiled-in default as for the maximum key file size and can be overwritten using --keyfile-size option. The data read will be hashed with the default hash or the hash specified with --hash. If "plain" is used as argument to --hash, the input data will not be hashed.

Instead, it will be zero padded if shorter than the key size or truncated if longer than the key size and used directly as the binary key. This is useful for directly specifying a binary key.

No warning will be given if the amount of data read from stdin is less than the key size. From a key file : It will be truncated to the key size of the used cipher or the size given by -s and directly used as binary key. The --hash option is usable only for stdin input in plain mode. If the key file is shorter than the key, cryptsetup will quit with an error. From a terminal : The passphrase is read until the first newline and then processed by PBKDF2 without the newline character.

From stdin : LUKS will read passphrases from stdin up to the first newline character or the compiled-in maximum key file length. If --keyfile-size is given, it is ignored. From key file : The complete keyfile is read up to the compiled-in maximum size. Newline characters do not terminate the input.

The --keyfile-size option can be used to limit what is read. Passphrase processing : Whenever a passphrase is added to a LUKS header luksAddKey, luksFormat , the user may specify how much the time the passphrase processing should consume. The time is used to determine the iteration count for PBKDF2 and higher times will offer better protection for low-entropy passphrases, but open will take longer to complete.

For passphrases that have entropy higher than the used key length, higher iteration times will not increase security. The default setting of one second is sufficient for most practical cases. The only exception is a low-entropy passphrase used on a device with a slow CPU, as this will result in a low iteration count. On a slow device it may be advisable to increase the iteration time using the --iter-time option in order to obtain a higher iteration count.

This does slow down all later luksOpen operations accordingly. For the --hash option, if the crypto backend is libgcrypt, then all algorithms supported by the gcrypt library are available.

For other crypto backends some algorithms may be missing. The second type is used for the volume master key. In a low-entropy situation embedded system , this can take a very long time and potentially forever. This is a serious problem, but solving it is out of scope for a mere man-page. See urandom 4 for more information.

When device mapping is active, you can see the loop backing file in the status command output. Also see losetup 8. This is free software; see the source for copying conditions. Source file: cryptsetup. Found a problem? See the FAQ. These include plain dm-crypt volumes and LUKS volumes. The difference is that LUKS uses a metadata header and can hence offer more features than plain dm-crypt. On the other hand, the header is visible and vulnerable to damage. With plain dm-crypt there are a number of possible user errors that massively decrease security.

While LUKS cannot fix them all, it can lessen the impact for many of them. Read it. Nonetheless, some risks deserve to be mentioned here. No checks are performed, no metadata is used. There is no formatting operation. When the raw device is mapped opened , the usual device operations can be used on the mapped device, including filesystem creation. It adds a standardized header at the start of the device, a key-slot area directly behind the header and the bulk data area behind that.

The whole set is called a 'LUKS container'. For most purposes both terms can be used interchangeably. Note that if the second argument is present, then the passphrase is taken from the file given there, without the need to use the --key-file option. Also note that for both forms of reading the passphrase from file you can give '-' as file name, which results in the passphrase being read from stdin and the safety-question being skipped.

If the passphrase is not supplied via --key-file, the command prompts for it interactively.