Truecrypt key file
12/11/2023

Synopsis

Open an encrypted device and create a mapping with a specified name.

Opens (creates a mapping with) <name> backed by device <device>.

Device type can be plain, luks (default), luks1, luks2, loopaes or tcrypt.

For backward compatibility there are open command aliases:

    create (argument-order <name> <device>): open --type plain <device> <name>

Options are type specific and are described below for individual device types. For create, the order of the <name> and <device> options is inverted for historical reasons; all other aliases use the standard order.

Example: 'cryptsetup open --type plain /dev/sda10 e1' maps the raw encrypted device /dev/sda10 to the mapped (decrypted) device /dev/mapper/e1, which can then be mounted, fsck-ed or have a filesystem created on it.

Opens the LUKS device and sets up a mapping after successful verification of the supplied passphrase.

First, the passphrase is searched in LUKS2 tokens unprotected by PIN. If such a token does not exist (or fails to unlock the keyslot) and the passphrase is also not supplied via --key-file, the command prompts for the passphrase interactively.

If there is a valid LUKS2 token but it requires a PIN to unlock the assigned keyslot, it is not used unless one of the following options is added: --token-only, --token-type where type matches the desired PIN protected token, or --token-id with id matching the PIN protected token.

Opens the loop-AES device and sets up a mapping.

If the key file is encrypted with GnuPG, then you have to use --key-file=- and decrypt it before use, e.g., like this:

    gpg --decrypt <keyfile> | cryptsetup loopaesOpen --key-file=- <device> <name>

WARNING: The loop-AES extension cannot use the direct input of the key file on the real terminal because the keys are separated by end-of-line and only part of the multi-key file would be read. If you need it in a script, just use the pipe redirection:

    echo $keyfile | cryptsetup loopaesOpen --key-file=- <device> <name>

Use --keyfile-size to specify the proper key length if needed.

If the original device used an offset but did not use it in IV sector calculations, you have to explicitly use --skip 0 in addition to the offset parameter. Note that the units need to be specified in number of 512 byte sectors.

Use --hash to override the default hash function for passphrase hashing (otherwise it is detected according to key size).

Opens the TCRYPT (TrueCrypt and VeraCrypt compatible) device and sets up a mapping.

The keyfile parameter allows a combination of file content with the passphrase and can be repeated. Note that using keyfiles is compatible with TCRYPT and is different from LUKS keyfile logic.

If --cipher or --hash options are used, only cipher chains or PBKDF2 variants with the specified hash algorithms are checked. This could speed up unlocking the device (but it also reveals some information about the container).

If you use --header in combination with hidden or system options, the header file must contain specific headers on the same positions as the original encrypted container.

WARNING: Option --allow-discards cannot be combined with option --tcrypt-hidden. For normal mapping, it can cause the destruction of the hidden volume (the hidden volume appears as unused space for the outer volume, so this space can be discarded).

Opens the BITLK (a BitLocker compatible) device and sets up a mapping.

Opens the FVAULT2 (a FileVault2 compatible) device and sets up a mapping.