The cryptsetup command is used as the front-end to LUKS and dm-crypt. The LUKS extensions to cryptsetup support various actions, including the following.
| LUKS Action | Used To |
|---|---|
| luksFormat | Format a storage device using the LUKS encryption standard. |
| isLuks | Identify if a given device is a LUKS device. |
| luksOpen | Open a LUKS storage device and set it up for mapping, assuming the provided key material is accurate. |
| luksClose | Remove a LUKS storage device from mapping. |
| luksAddKey | Associate new key material with a LUKS device. |
| luksDelKey | Remove key material from a LUKS device. |
Syntax
The syntax of the cryptsetup command is:
# cryptsetup [options] {action} [action arguments]
If you encounter the below error while running the cryptsetup command:
cryptsetup: command not found
you may try installing the below package as per your choice of distribution:
| OS Distribution | Command |
|---|---|
| Debian | apt-get install cryptsetup-bin |
| Ubuntu | apt-get install cryptsetup-bin |
| Alpine | apk add cryptsetup |
| Arch Linux | pacman -S cryptsetup |
| Kali Linux | apt-get install cryptsetup-bin |
| CentOS | yum install cryptsetup |
| Fedora | dnf install cryptsetup |
| Raspbian | apt-get install cryptsetup-bin |
cryptsetup Command Examples
1. Initialize a LUKS volume (overwrites all data on the partition):
# cryptsetup luksFormat /dev/sda1
2. Open a LUKS volume and create a decrypted mapping at `/dev/mapper/{{target}}`:
# cryptsetup luksOpen /dev/sda1 target
3. Remove an existing mapping:
# cryptsetup luksClose target
4. Change the LUKS volume’s passphrase:
# cryptsetup luksChangeKey /dev/sda1
Conclusion
With the cryptsetup utility, you can set up your own LUKS-encrypted volumes for storing your most sensitive information. If the disk ever falls into the wrong hands, it won’t be as bad a situation as it would have been if the disk had been unencrypted. Breaking a LUKS-encrypted volume would take considerable effort that wouldn’t be feasible.