• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

cryptsetup Command Examples in Linux

by admin

The cryptsetup command is used as the front-end to LUKS and dm-crypt. The LUKS extensions to cryptsetup support various actions, including the following.

LUKS Action Used To
luksFormat Format a storage device using the LUKS encryption standard.
isLuks Identify if a given device is a LUKS device.
luksOpen Open a LUKS storage device and set it up for mapping, assuming the provided key material is accurate.
luksClose Remove a LUKS storage device from mapping.
luksAddKey Associate new key material with a LUKS device.
luksDelKey Remove key material from a LUKS device.

Syntax

The syntax of the cryptsetup command is:

# cryptsetup [options] {action} [action arguments]

cryptsetup Command Examples

1. Initialize a LUKS volume (overwrites all data on the partition):

# cryptsetup luksFormat /dev/sda1

2. Open a LUKS volume and create a decrypted mapping at `/dev/mapper/{{target}}`:

# cryptsetup luksOpen /dev/sda1 target

3. Remove an existing mapping:

# cryptsetup luksClose target

4. Change the LUKS volume’s passphrase:

# cryptsetup luksChangeKey /dev/sda1
Note: cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings. These include plain dm-crypt volumes and LUKS volumes. The difference is that LUKS uses a metadata header and can hence offer more features than plain dm-crypt. On the other hand, the header is visible and vulnerable to damage.

Conclusion

With the cryptsetup utility, you can set up your own LUKS-encrypted volumes for storing your most sensitive information. If the disk ever falls into the wrong hands, it won’t be as bad a situation as it would have been if the disk had been unencrypted. Breaking a LUKS-encrypted volume would take considerable effort that wouldn’t be feasible.

Filed Under: Linux

Some more articles you might also be interested in …

  1. How to Set a Custom Interface Name with NetworkManager in CentOS/RHEL 7
  2. Extend the size of /boot partition on virtualized environment (CentOS/RHEL 6)
  3. CentOS / RHEL 6 : How to configure kdump
  4. How to extract RPM package without installing it
  5. Mac Terminal diskutil Command Examples
  6. mkswap Command Examples in Linux
  7. CentOS / RHEL : How to find free space in a Volume Group in LVM
  8. Linux OS Service ‘scsi_reserve’
  9. dirb: command not found
  10. CentOS / RHEL 7 : How to enable telnet for a group of users

You May Also Like

Primary Sidebar

Recent Posts

  • protonvpn-cli Command Examples in Linux
  • protonvpn-cli connect Command Examples
  • procs Command Examples in Linux
  • prlimit: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright