What the ...?
Cryptsetup is utility used to conveniently setup disk encryption based on DMCrypt kernel module.
These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format.
Project also includes veritysetup utility used to conveniently setup DMVerity block integrity checking kernel module.
LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not
only facilitate compatibility among distributions, but also provides secure management of multiple user passwords.
In contrast to existing solution, LUKS stores all setup necessary setup information in the partition header,
enabling the user to transport or migrate his data seamlessly.
Last version of the LUKS format specification is available here.
- compatiblity via standardization,
- secure against low entropy attacks,
- support for multiple keys,
- effective passphrase revocation,
CVE-2016-4484 (Initrd root shell)
This is problem in intramfs scripts only (these are not part of cryptsetup project), it is neiter bug in cryptsetup nor in LUKS.
Some distributions could add these scripts to distributed package, please check your distro updates for more info.
All release tarballs and release notes are hosted on kernel.org.
The latest cryptsetup version is 1.7.3
- Signature cryptsetup-1.7.3.tar.sign (You need to decompress file first to check signature.)
- Cryptsetup 1.7.3 Release Notes.
- Version 1.7.2 - Signature - Release Notes.
- Version 1.7.1 - Signature - Release Notes.
- Version 1.7.0 - Signature - Release Notes.
Source and API docs
For libcryptsetup documentation see libcryptsetup API page.
The libcryptsetup API/ABI changes are tracked in compatibility report.
NLS PO files are maintained by TranslationProject.
If you want to subscribe just send an empty mail to firstname.lastname@example.org.