$ git log --pretty=format:'%h %s (%cs)%d'
08293821 integritysetup: fix grow of bitmap protected devices. (2026-01-21)
(HEAD -> master, main)
9b323fae ci: Add valgrind job (2026-01-21)
22aced3c tests: Update Valgrind suppression file (2026-01-12)
4eb729da bitlk: Do not try to use empty password for password keyslots (2026-01-12)
38866462 po: update nl.po (from translationproject.org) (2026-01-09)
0abf6d56 po: update cs.po (from translationproject.org) (2026-01-09)
935a8dfe ci: Use clang-21 (2026-01-06)
1d83c6b1 ci: Remove disable Annocheck (2026-01-06)
806d3ede ci: Use Debian 13 in build (2026-01-06)
7fa4cd93 Fix wrong device size status reports in cryptsetup and integritysetup (2026-01-02)
...
$ git cat-file blob HEAD:README.md
What the ...?
=============
**Cryptsetup** is an open-source utility used to conveniently set up disk encryption based
on the [dm-crypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module.
These formats are supported:
* **plain** volumes,
* **LUKS** volumes,
* **loop-AES**,
* **TrueCrypt** (including **VeraCrypt** extension),
* **BitLocker**, and
* **FileVault2**.
The project also includes a **veritysetup** utility used to conveniently setup
[dm-verity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity)
block integrity checking kernel module and **integritysetup** to setup
[dm-integrity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity)
block integrity kernel module.
LUKS Design
-----------
**LUKS** is the standard for Linux disk encryption. By providing a standardized on-disk format,
it not only facilitate compatibility among distributions, but also enables secure management
of multiple user passwords. LUKS stores all necessary setup information in the partition header,
which enables users to transport or migrate data seamlessly.
### Specification and documentation
* The latest version of the
[LUKS2 format specification](https://gitlab.com/cryptsetup/LUKS2-docs).
* The latest version of the
[LUKS1 format specification](https://cdn.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf).
* [Project home page](https://gitlab.com/cryptsetup/cryptsetup/).
* [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions)
Download
--------
Release notes and tarballs are available at
[kernel.org](https://cdn.kernel.org/pub/linux/utils/cryptsetup/).
**The latest stable cryptsetup release version is 2.8.3**
* [cryptsetup-2.8.3.tar.xz](https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/cryptsetup-2.8.3.tar.xz)
* Signature [cryptsetup-2.8.3.tar.sign](https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/cryptsetup-2.8.3.tar.sign)
_(You need to decompress file first to check signature.)_
* [Cryptsetup 2.8.3 Release Notes](https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/v2.8.3-ReleaseNotes).
[Previous versions](https://cdn.kernel.org/pub/linux/utils/cryptsetup)
Source and API documentation
----------------------------
For development version code, please refer to the
[source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page, with mirrors
at [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) and
[GitHub](https://github.com/mbroz/cryptsetup).
For libcryptsetup documentation see
[libcryptsetup API](https://mbroz.fedorapeople.org/libcryptsetup_API/) page.
NLS PO files are maintained by
[TranslationProject](https://translationproject.org/domain/cryptsetup.html).
Required packages
-----------------
All major Linux distributions provide cryptsetup as a bundled package. If you need
to compile cryptsetup yourself, various additional packages are required.
Any distribution-specific build tools are preferred when manually configuring cryptsetup.
Below are the packages needed to build for certain Linux distributions:
**For Fedora**:
```
git gcc make autoconf automake gettext-devel pkgconfig openssl-devel popt-devel device-mapper-devel libuuid-devel json-c-devel libblkid-devel findutils libtool libssh-devel tar rubygem-asciidoctor
Optionally: libargon2-devel libpwquality-devel
```
To run the internal testsuite (make check) you also need to install
```
sharutils device-mapper jq vim-common expect keyutils netcat shadow-utils openssh-clients openssh sshpass
```
**For Debian and Ubuntu**:
```
git gcc make autoconf automake autopoint pkg-config libtool gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar asciidoctor
Optionally: libargon2-0-dev libpwquality-dev
```
To run the internal testsuite (make check) you also need to install
```
sharutils dmsetup jq xxd expect keyutils netcat-openbsd passwd openssh-client sshpass
```
Note that the list may change as Linux distributions evolve.
Compilation
-----------
The cryptsetup project uses **automake** and **autoconf** system to generate all files needed to build.
When building from a git snapshot,, use **./autogen.sh && ./configure && make**
to compile the project. When building from a release **tar.xz** tarball, the configure script
is pre-generated (no need to run **autoconf.sh**).
See **./configure --help** and use the **--disable-[feature]** and **--enable-[feature]** options.
To run the test suite that come with the project, type **make check**.
Note that most tests will need root user privileges and will run dangerous storage failure simulations.
Do **not** run tests with root privilege on production systems! Some tests will need the **scsi_debug**
kernel module to be installed.
For more details, please refer to the
[automake](https://www.gnu.org/software/automake/manual/automake.html) and
[autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) documentation.
Help!
-----
### Documentation
Please read the following before posting questions to the mailing list so that
you can ask better questions and better understand answers.
* [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions),
* [LUKS Specifications](#specification-and-documentation), and
* manuals (aka man page, man pages, man-page)
The FAQ is available online and in the source code for the project. The specifications are
referenced above in this document. The man pages live within the source tree and should be
available after installation using standard man commands, e.g. **man cryptsetup**.
### Mailing List
For cryptsetup and LUKS related questions, please use the cryptsetup mailing list
[cryptsetup@lists.linux.dev](mailto:cryptsetup@lists.linux.dev),
hosted at [kernel.org subspace](https://subspace.kernel.org/lists.linux.dev.html).
To subscribe send an empty email message to
[cryptsetup+subscribe@lists.linux.dev](mailto:cryptsetup+subscribe@lists.linux.dev).
You can also browse and/or search the mailing [list archive](https://lore.kernel.org/cryptsetup/).
USEnet News (NNTP), Atom feed and git access to the public inbox is available through
[lore.kernel.org](https://lore.kernel.org) service.
The former **dm-crypt** [list archive](https://lore.kernel.org/dm-crypt/) is also available.
# heads (aka `branches'):
$ git for-each-ref --sort=-creatordate refs/heads \
--format='%(HEAD) %(refname:short) %(subject) (%(creatordate:short))'
main integritysetup: fix grow of bitmap protected devices. (2026-01-21)
* master integritysetup: fix grow of bitmap protected devices. (2026-01-21)
tcrypt-argon2 tests: Add new trcypt images for Argon2 PBKDF. (2026-01-03)
v2.8.x Version 2.8.3. (2025-12-19)
coverity_scan Version 2.8.2-rc0 (for translation). (2025-12-12)
libcrypto-env autoconf ignores LIBCRYPTO_CFLAGS, LIBCRYPTO_LIBS env. variables (2025-12-11)
vm-test WIP: print info from VMs (2025-11-19)
v2.7.x Version 2.7.5. (2024-09-02)
v2.3.x Update README. (2022-01-13)
v2.4.x Update README. (2022-01-13)
...
# tags:
$ git for-each-ref --sort=-creatordate refs/tags \
--format='%(refname:short) %(subject) (%(creatordate:short))'
v2.8.3 Version 2.8.3. (2025-12-19) tar.gz
v2.8.2 Version 2.8.2. (2025-12-18) tar.gz
v2.8.2-rc0 Version 2.8.2-rc0 (2025-12-12) tar.gz
v2.8.1 Version 2.8.1. (2025-08-19) tar.gz
v2.8.1-rc0 Version 2.8.1-rc0 (2025-08-13) tar.gz
v2.8.0 Version 2.8.0. (2025-06-24) tar.gz
v2.8.0-rc1 Version 2.8.0-rc1. (2025-06-16) tar.gz
v2.8.0-rc0 Version 2.8.0-rc0. (2025-06-03) tar.gz
v2.7.5 Version 2.7.5. (2024-09-03) tar.gz
v2.7.4 Version 2.7.4. (2024-07-30) tar.gz
...
# associated public inboxes:
# (number on the left is used for dev purposes)
116 lkml
33 qemu-devel
31 netdev
30 linux-arm-kernel
25 stable
25 u-boot
19 linux-devicetree
19 dpdk-dev
18 dri-devel
15 xen-devel
15 kvm
15 dm-crypt
14 git
14 intel-gfx
13 buildroot
11 openembedded-core
10 linux-xfs
9 alsa-devel
9 ltp
9 cluster-devel
8 linux-samsung-soc
8 linux-mm
8 linux-media
8 linux-pm
8 linuxppc-dev
8 linux-omap
7 linux-scsi
7 linux-bluetooth
7 linux-doc
7 openembedded-devel
6 linux-wireless
6 bpf
6 linux-nfs
6 linux-crypto
6 netfilter-devel
6 linux-fsdevel
6 fstests
6 linux-btrfs
6 linux-gpio
6 linux-rdma
6 linux-pci
6 amd-gfx
6 linux-arch
6 linux-perf-users
6 linux-patches
6 yocto-meta-ti
5 linux-mtd
5 linux-arm-msm
5 linux-kselftest
5 linux-iio
5 linux-ext4
5 linux-raid
5 linux-fbdev
5 linux-s390
5 linux-staging
5 intel-xe
5 lvm-devel
5 igt-dev
4 linux-block
4 linux-riscv
4 linux-mediatek
4 linux-acpi
4 linux-cifs
4 linux-erofs
4 linux-mips
4 linux-rtc
4 linux-input
4 kvmarm
4 driverdev-devel
4 linux-usb
4 linux-clk
4 linux-leds
4 linux-f2fs-devel
4 linux-serial
4 linux-man
4 linux-api
4 linux-spi
4 linux-tegra
4 lttng-dev
4 linux-rockchip
4 dm-devel
4 linux-coco
4 yocto
4 kvm-ppc
3 linux-amlogic
3 linux-iommu
3 linux-renesas-soc
3 selinux
3 linux-rt-users
3 linux-watchdog
3 linux-m68k
3 util-linux
3 linux-mmc
3 virtualization
3 linux-kbuild
3 linux-can
3 containers
3 platform-driver-x86
3 openbmc
3 linux-cxl
3 linux-sh
3 soc
3 llvm
3 yocto-toaster
3 yocto-meta-arm
3 bitbake-devel
3 yocto-meta-virtualization
3 yocto-meta-arago
3 outreachy
3 xenomai
3 openrisc
3 imx
3 b4-sent
3 batman
3 linux-um
3 qemu-riscv
3 grub-devel
3 linux-hexagon
2 linux-fscrypt
2 linux-nvme
2 linux-efi
2 linux-nvdimm
2 linux-snps-arc
2 linux-hwmon
2 dmaengine
2 linux-next
2 linux-parisc
2 linux-security-module
2 linux-modules
2 linux-ide
2 linux-trace-devel
2 rcu
2 selinux-refpolicy
2 linux-i3c
2 backports
2 linux-kernel-mentees
2 linux-csky
2 cip-dev
2 linux-i2c
2 linux-remoteproc
2 linux-sparse
2 linux-pwm
2 linux-sctp
2 lustre-devel
2 rust-for-linux
2 nouveau
2 kernel-janitors
2 sparclinux
2 linux-sunxi
2 mptcp
2 nvdimm
2 iwd
2 ofono
2 yocto-meta-freescale
2 yocto-docs
2 asahi
2 intel-wired-lan
2 kexec
2 loongarch
2 linux-trace-kernel
2 virtio-comment
2 poky
2 initramfs
2 linux-alpha
2 linux-sound
2 reiserfs-devel
2 virtio-fs
2 smatch
2 fuego
2 yocto-patches
1 cocci
1 live-patching
1 linux-integrity
1 linux-edac
1 kernel-hardening
1 kernelnewbies
1 linux-sgx
1 linux-hyperv
1 workflows
1 keys
1 linux-spdx
1 linux-wpan
1 ksummit-discuss
1 wireguard
1 io-uring
1 tpmdd-devel
1 linux-unionfs
1 linux-firmware
1 linux-audit
1 linux-dash
1 linux-bcache
1 mm-commits
1 linux-fpga
1 ceph-devel
1 xdp-newbies
1 phone-devel
1 linux-hardening
1 dash
1 keyrings
1 target-devel
1 ocfs2-devel
1 ath10k
1 ath11k
1 linux-phy
1 regressions
1 ksummit
1 b43-dev
1 linux-nfc
1 linux-bcachefs
1 ath9k-devel
1 ntfs3
1 fio
1 ell
1 chrome-platform
1 ntb
1 damon
1 ath12k
1 oe-linux-nfc
1 oe-kbuild-all
1 oe-chipsec
1 kernel-tls-handshake
1 virtio-dev
1 v9fs
1 ecryptfs
1 linux-ia64
1 kdevops
1 kbd
1 autofs
1 cpufreq
1 dccp
1 cgroups
1 devicetree-spec
1 devicetree-compiler
1 hail-devel
1 kvm-ia64
1 linux-8086
1 kernel-testers
1 linux-btrace
1 linux-embedded
1 linux-hams
1 linux-hotplug
1 linux-laptop
1 trinity
1 linux-metag
1 linux-x25
1 linux-nilfs
1 lvs-devel
1 netfilter
1 linux-oxnas
1 u-boot-amlogic
1 lm-sensors
1 acpica-devel
1 perfbook
1 x86-cpuid
1 wireless-regdb
1 powertop
1 dtrace
1 lkmm
1 barebox
1 linux-aspeed
1 kvm-riscv
1 opensbi
1 qemu-rust
1 qemu-arm
git clone https://yhbt.net/lore/pub/scm/utils/cryptsetup/cryptsetup.git