eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
917b6836a9645f23c75647531acd51ce426e5d14
cryptsetup/man/cryptsetup-token.8.adoc
Milan Broz 360f85dde7 man: Grammar and simple stylistic fixes. 
This is based mainly on Grammarly.

It unifies man pages to at least some level of grammar,
so later we can focus on adding more readable content.
2025-07-17 15:01:39 +02:00

46 lines
2.0 KiB
Plaintext
Raw Blame History

= cryptsetup-token(8)
:doctype: manpage
:manmanual: Maintenance Commands
:mansource: cryptsetup {release-version}
:man-linkstyle: pass:[blue R < >]
:COMMON_OPTIONS:
:ACTION_TOKEN:
== Name
cryptsetup-token - manage LUKS2 tokens
== SYNOPSIS
*cryptsetup _token_ <add|remove|import|export|unassign> [<options>] <device>*
== DESCRIPTION
Action _add_ creates a new keyring token to enable auto-activation of the device.
For the auto-activation, the passphrase must be stored in the keyring with the specified description.
Usually, the passphrase should be stored in the _user_ or _user-session_ keyring.
The _token_ command is supported only for LUKS2.
For adding a new keyring token, the option --key-description is mandatory.
Also, a new token is assigned to the keyslot specified with --key-slot option or to all active keyslots if the --key-slot option is omitted.
To remove an existing token, specify the token ID that should be removed with --token-id option.
*WARNING:* The action _token remove_ removes any token type, not just _keyring_ type from token slot specified by --token-id option.
Action _import_ can store an arbitrary valid JSON data in the LUKS2 token.
It may be passed via standard input or a file passed in --json-file option.
If you specify --key-slot, a successfully imported token is also assigned to the keyslot.
Action _export_ writes requested token JSON to a file passed with --json-file or to standard output.
Action _unassign_ removes token binding to specified keyslot.
Both token and keyslot must be specified by --token-id and --key-slot parameters.
If --token-id is used with action _add_ or action _import_ and a token with that ID already exists, option --token-replace can replace the existing token.
*<options>* can be [--header, --token-id, --key-slot, --key-description, --disable-external-tokens, --disable-locks, --disable-keyring, --json-file, --token-replace, --unbound, --external tokens-path].
include::man/common_options.adoc[]
include::man/common_footer.adoc[]
Reference in New Issue View Git Blame Copy Permalink