Home

cryptsetup

cryptsetup is a command-line utility for configuring disk encryption on Linux using the kernel's dm-crypt driver. It primarily provides management of LUKS volumes, but can also manage plain dm-crypt volumes. The project is part of the cryptsetup suite, used by distributions to create and manage encrypted disks and containers.

Functionality: It can create LUKS-formatted volumes (luksFormat), open and map them to a device under /dev/mapper

Workflow: A typical workflow is to initialize a partition with luksFormat, then luksOpen to create a decrypted

Administration: cryptsetup relies on libcryptsetup and the kernel's dm-crypt module. It supports scripting, key scripts, and

Security and usage notes: Important to back up LUKS headers; misplacing keys can render data inaccessible. Use

(luksOpen),
close
them
(luksClose),
and
manage
keys
(luksAddKey,
luksRemoveKey,
luksChangeKey).
It
supports
LUKS1
and
LUKS2
formats,
with
features
such
as
multiple
key
slots,
key
files,
and
passphrase-based
unlocking.
It
works
with
block
devices
and
also
with
file-based
containers
via
loop
devices.
mapping,
format
the
mapping
with
a
filesystem,
and
on
boot
unlock
via
passphrase
or
key
file;
later,
luksClose
to
secure.
integration
with
systemd-cryptsetup
or
initramfs
unlockers
in
many
distributions.
strong,
unique
passphrases
and
consider
using
keyfiles
or
hardware
tokens;
keep
system
updated;
ensure
backups.