3106b4e2c1
Reported by `git ls-tree -rz --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian --`. All changes are documentation-related (comments, manuals, etc.) except for s/fial/fail/ in tests/unit-wipe-test. The remaining entry are AFAICT all false positives, mostly annotations such as `@param name name of xyz` or `struct foo foo`: $ git ls-tree -rz HEAD --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian -- COPYING.LGPL: "GNU Library Public License" -> "GNU Library General Public License" autogen.sh: echo echo (duplicate word) -> echo configure.ac: fi fi (duplicate word) -> fi docs/v1.7.2-ReleaseNotes: option option (duplicate word) -> option lib/crypto_backend/cipher_check.c: block block (duplicate word) -> block lib/libcryptsetup.h: name name (duplicate word) -> name lib/libcryptsetup.h: type type (duplicate word) -> type lib/libcryptsetup.h: passphrase passphrase (duplicate word) -> passphrase lib/libcryptsetup.h: flags flags (duplicate word) -> flags lib/libcryptsetup.h: password password (duplicate word) -> password lib/libcryptsetup.h: salt salt (duplicate word) -> salt lib/libcryptsetup.h: keyslot keyslot (duplicate word) -> keyslot lib/libcryptsetup.h: priority priority (duplicate word) -> priority lib/libcryptsetup.h: offset offset (duplicate word) -> offset lib/libcryptsetup.h: length length (duplicate word) -> length lib/libcryptsetup.h: keyfile keyfile (duplicate word) -> keyfile lib/libcryptsetup.h: token token (duplicate word) -> token lib/libcryptsetup.h: cipher cipher (duplicate word) -> cipher lib/libcryptsetup.h: size size (duplicate word) -> size lib/luks2/luks2_json_metadata.c: long long (duplicate word) -> long lib/luks2/luks2_keyslot_luks2.c: AFEKSize AFEKSize (duplicate word) -> AFEKSize lib/luks2/luks2_reencrypt.c: alignment alignment (duplicate word) -> alignment lib/luks2/luks2_reencrypt_digest.c: ptr ptr (duplicate word) -> ptr lib/luks2/luks2_reencrypt_digest.c: buffer buffer (duplicate word) -> buffer lib/luks2/luks2_segment.c: min min (duplicate word) -> min lib/verity/verity_fec.c: blocks blocks (duplicate word) -> blocks man/cryptsetup.8.adoc: LUKS LUKS (duplicate word) -> LUKS scripts/cryptsetup.conf.in: root root (duplicate word) -> root src/Makemodule.am: endif endif (duplicate word) -> endif src/cryptsetup.c: long long (duplicate word) -> long src/utils_args.c: long long (duplicate word) -> long tests/compat-test2: fi fi (duplicate word) -> fi tests/device-test: echo echo (duplicate word) -> echo tests/differ.c: long long (duplicate word) -> long tests/loopaes-test: done done (duplicate word) -> done tests/luks2-integrity-test: aead aead (duplicate word) -> aead tests/luks2-reencryption-test: fi fi (duplicate word) -> fi tests/mode-test: done done (duplicate word) -> done tests/password-hash-test: cat cat (duplicate word) -> cat tests/password-hash-test: fi fi (duplicate word) -> fi tests/unit-wipe.c: long long (duplicate word) -> long tests/verity-compat-test: done done (duplicate word) -> done tests/verity-compat-test: fi fi (duplicate word) -> fi tokens/ssh/cryptsetup-ssh.c: argp argp (duplicate word) -> argp tokens/ssh/cryptsetup-ssh.c: arguments arguments (duplicate word) -> arguments (Treated COPYING.LGPL as a false positive too since it's the exact text from https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html .)
What the ...?
Cryptsetup is a utility used to conveniently set up disk encryption based on the DMCrypt kernel module.
These include plain dm-crypt volumes, LUKS volumes, loop-AES, TrueCrypt (including VeraCrypt extension) and BitLocker formats.
The project also includes a veritysetup utility used to conveniently setup DMVerity block integrity checking kernel module and integritysetup to setup DMIntegrity block integrity kernel module.
LUKS Design
LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not
only facilitate compatibility among distributions, but also provides secure management of multiple user passwords.
LUKS stores all necessary setup information in the partition header, enabling to transport or migrate data seamlessly.
Specifications
Last version of the LUKS2 format specification is available here.
Last version of the LUKS1 format specification is available here.
Why LUKS?
- compatibility via standardization,
- secure against low entropy attacks,
- support for multiple keys,
- effective passphrase revocation,
- free.
Project home page.
Frequently asked questions (FAQ)
Download
All release tarballs and release notes are hosted on kernel.org.
The latest stable release candidate cryptsetup version is 2.5.0-rc1
- cryptsetup-2.5.0-rc1.tar.xz
- Signature cryptsetup-2.5.0-rc1.tar.sign (You need to decompress file first to check signature.)
- Cryptsetup 2.5.0-rc1 Release Notes.
The latest stable cryptsetup version is 2.4.3
- cryptsetup-2.4.3.tar.xz
- Signature cryptsetup-2.4.3.tar.sign (You need to decompress file first to check signature.)
- Cryptsetup 2.4.3 Release Notes.
Previous versions
Source and API docs
For development version code, please refer to source page, mirror on kernel.org or GitHub.
For libcryptsetup documentation see libcryptsetup API page.
The libcryptsetup API/ABI changes are tracked in compatibility report.
NLS PO files are maintained by TranslationProject.
Required packages
All distributions provide cryptsetup as distro package. If you need to compile cryptsetup yourself, some packages are required for compilation. Please always prefer distro specific build tools to manually configuring cryptsetup.
Here is the list of packages needed for the compilation of project for particular distributions:
-
For Fedora:
git gcc make autoconf automake gettext-devel pkgconfig openssl-devel popt-devel device-mapper-devel libuuid-devel json-c-devel libblkid-devel findutils libtool libssh-devel tar. Optionallylibargon2-devel libpwquality-devel. To run the internal testsuite you also need to installsharutils device-mapper jq vim-common expect keyutils netcat shadow-utils openssh-clients openssh sshpass. -
For Debian and Ubuntu:
git gcc make autoconf automake autopoint pkg-config libtool gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol1-dev libjson-c-dev libssh-dev libblkid-dev tar. Optionallylibargon2-0-dev libpwquality-dev. To run the internal testsuite you also need to installsharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
Note that the list could change as the distributions evolve.
Compilation
The cryptsetup project uses automake and autoconf system to generate all needed files for compilation. If you check it from the git snapshot, use ./autogen.sh && ./configure && make to compile the project. If you use downloaded released *.tar.xz archive, the configure script is already pre-generated (no need to run autoconf.sh).
See ./configure --help and use --disable-* and --enable-* options.
For running the test suite that come with the project, type make check.
Note that most tests will need root user privileges and run many dangerous storage fail simulations.
Do not run tests with root privilege on production systems! Some tests will need scsi_debug kernel module to be available.
For more details, please refer to automake and autoconf manuals.
Help!
Documentation
Please read the following documentation before posting questions in the mailing list. You will be able to ask better questions and better understand the answers.
- FAQ
- LUKS Specifications
- manuals (aka man page, man pages, man-page)
The FAQ is online and in the source code for the project. The Specifications are referenced above in this document. The man pages are in source and should be available after installation using standard man commands. e.g. man cryptsetup
Mailing List
For cryptsetup and LUKS related questions, please use the cryptsetup mailing list cryptsetup@lists.linux.dev, hosted at kernel.org subspace. To subscribe send an empty mail to cryptsetup+subscribe@lists.linux.dev.
You can also browse and/or search the mailing list archive. News (NNTP), Atom feed and git access to public inbox is available through lore.kernel.org service.
The former dm-crypt list archive is also available.