Cryptsetup is a utility used to conveniently set up disk encryption based on the DMCrypt kernel module.
These include plain dm-crypt volumes, LUKS volumes, loop-AES, TrueCrypt (including VeraCrypt extension) and BitLocker formats.
The project also includes a veritysetup utility used to conveniently setup DMVerity block integrity checking kernel module and integritysetup to setup DMIntegrity block integrity kernel module.
LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not
only facilitate compatibility among distributions, but also provides secure management of multiple user passwords.
LUKS stores all necessary setup information in the partition header, enabling to transport or migrate data seamlessly.
Last version of the LUKS2 format specification is available here.
Last version of the LUKS1 format specification is available here.
- compatibility via standardization,
- secure against low entropy attacks,
- support for multiple keys,
- effective passphrase revocation,
- free.
All release tarballs and release notes are hosted on kernel.org.
The latest stable cryptsetup version is 2.3.5
- cryptsetup-2.3.5.tar.xz
- Signature cryptsetup-2.3.5.tar.sign (You need to decompress file first to check signature.)
- Cryptsetup 2.3.5 Release Notes.
Previous versions
For development version code, please refer to source page, mirror on kernel.org or GitHub.
For libcryptsetup documentation see libcryptsetup API page.
The libcryptsetup API/ABI changes are tracked in compatibility report.
NLS PO files are maintained by TranslationProject.
All distributions provide cryptsetup as distro package. If you need to compile cryptsetup youfself, some packages are required for compilation. Please always prefer distro specific build tools to manually configuring cryptsetup.
Fo available compile options, check configure --help for more info. If you are using a git snapshot, you need to generate configure script with autogen.sh script.
Here is the list of packages needed for the compilation of project for particular distributions:
-
For Fedora: git, gcc, make, autoconf, automake, gettext-devel, pkgconfig, openssl-devel, popt-devel, device-mapper-devel, libuuid-devel, json-c-devel, libblkid-devel, libargon2-devel (optional), libpwquality-devel (optional). To run internal testsuite, you also need sharutils, device-mapper, jq, xxd, expect and keyutils packages.
-
For Debian and Ubuntu: git, gcc, make, autoconf, automake, autopoint, pkg-config, libtool, gettext, libssl-dev, libdevmapper-dev, libpopt-dev, uuid-dev, libsepol1-dev, libjson-c-dev, libargon2-0-dev (optional), libpwquality-dev (optional) and libblkid-dev. To run internal testsuite, you also need sharutils, dmsetup, jq, xxd, expect and keyutils packages.
Note that the list could change as distributions evolve.
Please always read FAQ first. For cryptsetup and LUKS related questions, please use the dm-crypt mailing list, [email protected].
If you want to subscribe just send an empty mail to [email protected].
You can also browse list archive or read and search it through web interface on lore.kernel.org or alternatively on marc.info.