The cryptsetup command is used as the front-end to LUKS and dm-crypt. The LUKS extensions to cryptsetup support various actions, including the following.
LUKS Action | Used To |
---|---|
luksFormat | Format a storage device using the LUKS encryption standard. |
isLuks | Identify if a given device is a LUKS device. |
luksOpen | Open a LUKS storage device and set it up for mapping, assuming the provided key material is accurate. |
luksClose | Remove a LUKS storage device from mapping. |
luksAddKey | Associate new key material with a LUKS device. |
luksDelKey | Remove key material from a LUKS device. |
Syntax
The syntax of the cryptsetup command is:
# cryptsetup [options] {action} [action arguments]
cryptsetup Command Examples
1. Initialize a LUKS volume (overwrites all data on the partition):
# cryptsetup luksFormat /dev/sda1
2. Open a LUKS volume and create a decrypted mapping at `/dev/mapper/{{target}}`:
# cryptsetup luksOpen /dev/sda1 target
3. Remove an existing mapping:
# cryptsetup luksClose target
4. Change the LUKS volume’s passphrase:
# cryptsetup luksChangeKey /dev/sda1
Conclusion
With the cryptsetup utility, you can set up your own LUKS-encrypted volumes for storing your most sensitive information. If the disk ever falls into the wrong hands, it won’t be as bad a situation as it would have been if the disk had been unencrypted. Breaking a LUKS-encrypted volume would take considerable effort that wouldn’t be feasible.