diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
index cf6d428d..f0ef68d8 100644
--- a/lib/luks2/luks2.h
+++ b/lib/luks2/luks2.h
@@ -378,8 +378,7 @@ int LUKS2_generate_hdr(
 	struct crypt_device *cd,
 	struct luks2_hdr *hdr,
 	const struct volume_key *vk,
-	const char *cipherName,
-	const char *cipherMode,
+	const char *cipher_spec,
 	const char *integrity,
 	const char *uuid,
 	unsigned int sector_size,
diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
index e7727ac3..16e06737 100644
--- a/lib/luks2/luks2_json_format.c
+++ b/lib/luks2/luks2_json_format.c
@@ -204,8 +204,7 @@ int LUKS2_generate_hdr(
 	struct crypt_device *cd,
 	struct luks2_hdr *hdr,
 	const struct volume_key *vk,
-	const char *cipherName,
-	const char *cipherMode,
+	const char *cipher_spec,
 	const char *integrity,
 	const char *uuid,
 	unsigned int sector_size,  /* in bytes */
@@ -214,7 +213,6 @@ int LUKS2_generate_hdr(
 	uint64_t keyslots_size_bytes)
 {
 	struct json_object *jobj_segment, *jobj_keyslots, *jobj_segments, *jobj_config;
-	char cipher[128];
 	uuid_t partitionUuid;
 	int r, digest;
 
@@ -245,13 +243,6 @@ int LUKS2_generate_hdr(
 
 	uuid_unparse(partitionUuid, hdr->uuid);
 
-	if (*cipherMode != '\0')
-		r = snprintf(cipher, sizeof(cipher), "%s-%s", cipherName, cipherMode);
-	else
-		r = snprintf(cipher, sizeof(cipher), "%s", cipherName);
-	if (r < 0 || (size_t)r >= sizeof(cipher))
-		return -EINVAL;
-
 	hdr->jobj = json_object_new_object();
 	if (!hdr->jobj) {
 		r = -ENOMEM;
@@ -293,7 +284,7 @@ int LUKS2_generate_hdr(
 		goto err;
 	}
 
-	jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, integrity, sector_size, 0);
+	jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher_spec, integrity, sector_size, 0);
 	if (!jobj_segment) {
 		r = -EINVAL;
 		goto err;
diff --git a/lib/setup.c b/lib/setup.c
index f90bc8ec..11f3cb13 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -1822,6 +1822,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
 	unsigned long required_alignment = DEFAULT_DISK_ALIGNMENT;
 	unsigned long alignment_offset = 0;
 	unsigned int sector_size;
+	char cipher_spec[128];
 	const char *integrity = params ? params->integrity : NULL;
 	uint64_t data_offset_bytes, dev_size, metadata_size_bytes, keyslots_size_bytes;
 	uint32_t dmc_flags;
@@ -1974,13 +1975,22 @@ static int _crypt_format_luks2(struct crypt_device *cd,
 			goto out;
 	}
 
+	if (*cipher_mode != '\0')
+		r = snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, cipher_mode);
+	else
+		r = snprintf(cipher_spec, sizeof(cipher_spec), "%s", cipher);
+	if (r < 0 || (size_t)r >= sizeof(cipher_spec)) {
+		r = -EINVAL;
+		goto out;
+	}
+
 	r = LUKS2_hdr_get_storage_params(cd, alignment_offset, required_alignment,
 			     &metadata_size_bytes, &keyslots_size_bytes, &data_offset_bytes);
 	if (r < 0)
 		goto out;
 
 	r = LUKS2_generate_hdr(cd, &cd->u.luks2.hdr, cd->volume_key,
-			       cipher, cipher_mode,
+			       cipher_spec,
 			       integrity, uuid,
 			       sector_size,
 			       data_offset_bytes,