summaryrefslogblamecommitdiffstats
path: root/source/a/cryptsetup/crypttab.5
blob: bc4b95563f2d22d804fb0092996c1726991f1156 (plain) (tree) 
a59816a82



















































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83



















































































                                                                              
.\" -*- nroff -*-
.ds g \" empty
.ds G \" empty
.\" Like TP, but if specified indent is more than half
.\" the current line-length - indent, use the default indent.
.de Tp
.ie \\n(.$=0:((0\\$1)*2u>(\\n(.lu-\\n(.iu)) .TP
.el .TP "\\$1"
..
.TH CRYPTTAB 5 "28 Jun 2023" "Slackware Version 15.1"
.SH NAME
crypttab \- static information about LUKS volumes
.SH SYNOPSIS
.B /etc/crypttab
.SH DESCRIPTION
The file
.B crypttab
contains the information needed to open any volumes created by cryptsetup.
Although many distributions have a 
.B crypttab 
with similar syntax and options, the format described here is specific to 
Slackware.

Each volume to be opened is described on a separate line. Fields on each
line are separated by tabs or spaces. Lines starting with '#' are comments.
Blank lines are ignored.

.B crypttab
follows the following format:

.in +4
<luks_name> <device> <password> <options>
.in
.SS The first field (luks_name)
This is the name of your LUKS volume.
For example: crypt-home
.SS The second field (device)
This is the device containing your LUKS volume.
For example: /dev/sda2
.SS The third field (password)
This is either the volume password in plain text, or the name of a key 
file. Use
.B none
to interactively enter password on boot.
.SS The fourth field (options)
Comma-separated list of options. Note that there must be a password field
for any options to be picked up (use a password of 
.B none
to get a password prompt at boot). The following options are supported:
.sp
.B discard
.RS 4
This will cause --allow-discards to be passed to cryptsetup program while
opening the LUKS volume.
.RE
.sp
.B ro
.RS 4
This will cause --readonly to be passed to the cryptsetup program while 
opening the LUKS volume.
.RE
.sp
.B swap
.RS 4
This option cannot be used with other options. The device given will be
formatted as a new encrypted volume with a random key on boot, and used as
swap.
.RE
.sp
.B keyscript=<path/to/script>
.RS 4
Get the password from named script's stdout. The only parameter sent to script
is the <password> field, but the script can ignore it.
.SH FILES
.sp
\fI/etc/crypttab\fP
.SH NOTES
.sp
Only LUKS formatted volumes are supported (except for swap).
.SH AUTHOR
Piter Punk <piterpunk@slackware.com>
.SH "SEE ALSO"
.BR cryptsetup(8)
generated by cgit v1.2.3 (git 2.26.2) at 2024-05-10 19:48:07 +0000