cryptsetup is a command-line utility for managing disk volumes encrypted using the dm-crypt kernel subsystem (Linux versions 2.6 up and DragonFly BSD).
Questions tagged [cryptsetup]
236 questions
51
votes
4 answers
Using a single passphrase to unlock multiple encrypted disks at boot
My machine has an SSD, where I installed the system and an HDD, which I use as a storage for large and/or infrequently used files. Both are encrypted, but I chose to use the same passphrase for them. SSD is mounted at / and HDD at /usr/hdd…
user116402
31
votes
2 answers
List open dm-crypt LUKS volumes
If I mount a simple loop device,
losetup -a
give me the devices opened.
Is something similar possible with cryptsetup?
elbarna
- 12,050
- 22
- 92
- 170
26
votes
5 answers
How can I set a label on a dm-crypt+LUKS container?
I just received a new USB flash drive, and set up 2 encrypted partitions on it. I used dm-crypt (LUKS mode) through cryptsetup. With an additional non-encrypted partition, the drive has the following structure:
/dev/sdb1, encrypted, hiding an ext4…
John WH Smith
- 15,500
- 6
- 51
- 62
26
votes
3 answers
Why my encrypted LVM volume (LUKS device) won't mount at boot time?
I'm trying to setup an encrypted volume following this guide
Everything is setup but mounting the encrypted volume fails at boot-time with the error:
fsck.ext4: No such file or directory while trying to open
/dev/mapper/safe_vault Possibly…
pgpb.padilla
- 363
- 1
- 3
- 8
25
votes
2 answers
How to determine what encryption is being used a LUKS partition?
What command can be used to determine the used encryption on a LUKS partition (all the relevant information, initialization vector, generation scheme, mode of operation and block cipher primitive)?
user
- 2,227
- 6
- 20
- 25
25
votes
1 answer
Abysmal general dm-crypt (LUKS) write performance
I am investigating a problem where encrypting a block device imposes a huge performance penalty when writing to it. Hours of Internet reading and experiments did not provide me with a proper understanding, let alone a solution.
The question in…
schlimmchen
- 1,307
- 2
- 12
- 16
23
votes
2 answers
How can I shrink a LUKS partition, what does `cryptsetup resize` do?
I am in progress of resizing a LUKS encrypted partition that contains a single ext4 filesystem (no LVM or something). The cryptsetup FAQ recommends to remove the old partition and recreate it, but that sounds like wasting a lot time. Therefore I…
Lekensteyn
- 20,173
- 18
- 71
- 111
19
votes
1 answer
What does `cryptsetup resize` do if LUKS doesn't store partition size?
The LUKS / dm-crypt / cryptsetup FAQ page says:
2.15 Can I resize a dm-crypt or LUKS partition?
Yes, you can, as neither dm-crypt nor LUKS stores partition size.
I'm befuzzled:
What is "resized" if no size information is stored?
How does a…
Tom Hale
- 28,728
- 32
- 139
- 229
16
votes
6 answers
Unlock LUKS encrypted Debian root with key file on boot partition
I'm trying to decrypt the Debian root with a key file stored in the boot partition (decrypted partition). This will break the security, but it doesn't matter now. I have to conclude this successfully or die trying.
I have created the hooks to the…
Fusgyus
- 161
- 1
- 1
- 4
14
votes
1 answer
Unable to close a Luks partition
For backup purposes, I have "snapshotted" a LVM partition. This partition was crypted so I have opened this Luks partition (snapshot) in order to do my backup.
The problem is that I have forgotten to delete the snapshot, thus it reached 100%…
Bob Sauvage
- 311
- 1
- 4
- 13
13
votes
1 answer
"cryptsetup: ERROR: Couldn't resolve device" combined with "cryptsetup: WARNING: target 'sda3_crypt' not found in /etc/crypttab"
After setting up hibernation on ubuntu 20.04 and modifying it that it works for encrypted swap partitions, I'm getting several issues:
First, after rebooting from hibernation, I got "Gave up waiting for suspend/resume device" along with "Volume…
Andreas L.
- 275
- 1
- 3
- 9
13
votes
4 answers
independently verify that TRIM indeed works on SSD
I have a LUKS partition /dev/sda1 which I luksOpen with --allow-discards:
cryptsetup --allow-discards luksOpen /dev/sda1 root
I then mount the ext4 filesystem with discard option:
grep /dev/mapper/root /proc/mounts
/dev/mapper/root / ext4…
Martin Vegter
- 69
- 66
- 195
- 326
11
votes
1 answer
cryptsetup: verification in luksOpen is non-deterministic when reading the password from a file
I'm debugging a weird behavior of cryptsetup:
Assume the correct password is stored in the file pw. I expected now that --test-passphrase would always succeed (i.e. printing no output) if it is passed in as stdin. But it turns out that it randomly…
Philipp Claßen
- 4,689
- 7
- 29
- 41
11
votes
1 answer
crypttab and VeraCrypt
I dual boot Fedora and Windows Vista and want them to share a partition so that I can work on the same files in both Linux and Windows, and I need everything to be encrypted.
I encrypted the shared drive with VeraCrypt since TrueCrypt is out of…
anon
- 111
- 1
- 4
9
votes
2 answers
How to mount a cryptsetup container just with `mount`?
I created an encrypted container via
#!/bin/bash
dd if=/dev/zero of=$1 bs=1 count=0 seek=$2
MAPPER=$(mktemp -up /dev/mapper)
LOOPDEV=$(losetup --find --show $1)
cryptsetup luksFormat $LOOPDEV
cryptsetup luksOpen $LOOPDEV $(basename…
Tobias Kienzler
- 9,184
- 13
- 65
- 106