Man Pages

crypttab(5) - phpMan crypttab(5) - phpMan

Command: man perldoc info search(apropos)  

crypttab(5)                                                        crypttab(5)

       /etc/crypttab - encrypted block device table

       The /etc/crypttab file describes encrypted block devices that are set up during system boot.

       Empty  lines  and  lines  starting with the # character are ignored.  Each of the remaining lines describes one
       encrypted block device, fields on the line are delimited by white space.  The first two fields  are  mandatory,
       the remaining two are optional.

       The  first  field  contains the name of the resulting encrypted block device; the device is set up at /dev/map-

       The second field contains a path to the underlying block device.  If the block device contains  a  LUKS  signa-
       ture, it is opened as a LUKS encrypted partition; otherwise it is assumed to be a raw dm-crypt partition.

       The third field specifies the encryption password.  If the field is not present or the password is set to none,
       the password has to be manually entered during system boot.  Otherwise the field is interpreted as a path to  a
       file containing the encryption password.  This field does not support spaces, whether escaped with back slashes
       or quotes.  Back slashes or quotes will cause this field to be interpreted as a path to a  password  file.   If
       you  wish  to  use  a password with spaces in it, please use a password file.  If using a password file, please
       note that the entire contents of the password file is used, including new lines and  non-printable  characters.
       A password file without a line feed can be created with the "echo" command's "-n" option.  For example: echo -n
       "pass phrase" > MyPasswordFile For swap encryption /dev/urandom  can  be  used  as  the  password  file;  using
       /dev/random  may  prevent boot completion if the system does not have enough entropy to generate a truly random
       encryption key.

       The fourth field, if present, is a comma-delimited list of options.  The following options are recognized:

              Specifies the cipher to use; see cryptsetup(8) for possible values and the default value of this option.
              A cipher with unpredictable IV values, such as aes-cbc-essiv:sha256, is recommended.

              Specifies  the  key  size  in  bits; see cryptsetup(8) for possible values and the default value of this

              Specifies the hash to use for password hashing; see cryptsetup(8) for possible values  and  the  default
              value of this option.

       verify If the the encryption password is read from console, it has to be entered twice (to prevent typos).

       swap   The  encrypted  block device will be used as a swap partition, and will be formatted as a swap partition
              after setting up the encrypted block device.  The underlying block device will be formatted again as  an
              unencrypted  swap  partition after destroying the encrypted block device.  (This allows sharing a single
              swap partition between operating system installations, with some of them encrypting the swap  partitions
              and some of them not.)

              WARNING:  Using  the  swap option will destroy the contents of the named partition during every boot, so
              make sure the underlying block device is specified correctly.

       tmp    The encrypted block device will be prepared for using it as tmp partition: it will  be  formatted  using
              mke2fs and its root directory will be set to mode 01777.  The warning about the swap option applies here
              as well.

       No options can be specified for LUKS encrypted partitions.

       The /etc/crypttab file format is based on the Debian cryptsetup package, and is intended to be compatible.


                                   Jul 2006                        crypttab(5)