pub/scm/utils/cryptsetup/cryptsetup.git  about / heads / tags
The cryptsetup code repository.
$ git log --pretty=format:'%h %s (%cs)%d'
9b822800 tests: Use only PBKDF2 in api-test-2 images (FIPS with OpenSSL 3.2+) (2024-05-13)
	(HEAD -> master, main)
0d6d4e42 tests: Use only PBKDF2 in luks2_keyslot_unassigned.img (FIPS with OpenSSL 3.2+) (2024-05-13)
a8e5bb0e tests: Fix redundant test number in compat-test2 (2024-05-13)
aa69fc34 tests: Skip zoned test if kernel does not support it (2024-05-13)
d0678c20 tests: Remove leftover debug parameter. (2024-05-13)
c21ccd89 Add tests for --key-description and --new-key-description. (2024-05-10)
0f20e14c Rename TOKEN to KEY_DESC to be used in different context later. (2024-05-10)
1e58ad57 Add --key-description and --new-key-description for luksAddKey command. (2024-05-10)
73975857 Add --key-description for luksResume command. (2024-05-10)
3c79fd6c Add --key-description for open command. (2024-05-10)
...

$ git cat-file blob HEAD:README.md
![LUKS logo](https://gitlab.com/cryptsetup/cryptsetup/wikis/luks-logo.png)

What the ...?
=============
**Cryptsetup** is an open-source utility used to conveniently set up disk encryption based
on the [dm-crypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module.

These formats are supported:
  * **plain** volumes,
  * **LUKS** volumes,
  * **loop-AES**,
  * **TrueCrypt** (including **VeraCrypt** extension),
  * **BitLocker**, and
  * **FileVault2**.

The project also includes a **veritysetup** utility used to conveniently setup
[dm-verity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity)
block integrity checking kernel module and **integritysetup** to setup
[dm-integrity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity)
block integrity kernel module.

LUKS Design
-----------
**LUKS** is the standard for Linux disk encryption. By providing a standardized on-disk format,
it not only facilitate compatibility among distributions, but also enables secure management
of multiple user passwords. LUKS stores all necessary setup information in the partition header,
which enables users to transport or migrate data seamlessly.

### Specification and documentation
  * The latest version of the
  [LUKS2 format specification](https://gitlab.com/cryptsetup/LUKS2-docs).
  * The latest version of the
  [LUKS1 format specification](https://www.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf).
  * [Project home page](https://gitlab.com/cryptsetup/cryptsetup/).
  * [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions)

Download
--------
Release notes and tarballs are available at
[kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).

**The latest stable cryptsetup release version is 2.7.2**
  * [cryptsetup-2.7.2.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.2.tar.xz)
  * Signature [cryptsetup-2.7.2.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.2.tar.sign)
    _(You need to decompress file first to check signature.)_
  * [Cryptsetup 2.7.2 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.2-ReleaseNotes).

Previous versions
 * [Version 2.6.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz) -
   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.sign) -
   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes).
 * [Version 1.7.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.xz) -
   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.sign) -
   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.5-ReleaseNotes).

Source and API documentation
----------------------------
For development version code, please refer to the
[source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page, with mirrors
at [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) and
[GitHub](https://github.com/mbroz/cryptsetup).

For libcryptsetup documentation see
[libcryptsetup API](https://mbroz.fedorapeople.org/libcryptsetup_API/) page.

NLS PO files are maintained by
[TranslationProject](https://translationproject.org/domain/cryptsetup.html).

Required packages
-----------------
All major Linux distributions provide cryptsetup as a bundled package. If you need
to compile cryptsetup yourself, various additional packages are required.
Any distribution-specific build tools are preferred when manually configuring cryptsetup.

Below are the packages needed to build for certain Linux distributions:

**For Fedora**:
```
git gcc make autoconf automake gettext-devel pkgconfig openssl-devel popt-devel device-mapper-devel
libuuid-devel json-c-devel libblkid-devel findutils libtool libssh-devel tar

Optionally: libargon2-devel libpwquality-devel
```
To run the internal testsuite (make check) you also need to install
```
sharutils device-mapper jq vim-common expect keyutils netcat shadow-utils openssh-clients openssh sshpass
```

**For Debian and Ubuntu**:
```
git gcc make autoconf automake autopoint pkg-config libtool gettext libssl-dev libdevmapper-dev
libpopt-dev uuid-dev libsepol1-dev libjson-c-dev libssh-dev libblkid-dev tar

Optionally: libargon2-0-dev libpwquality-dev
```
To run the internal testsuite (make check) you also need to install
```
sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
```

Note that the list may change as Linux distributions evolve.

Compilation
-----------
The cryptsetup project uses **automake** and **autoconf** system to generate all files needed to build.
When building from a git snapshot,, use **./autogen.sh && ./configure && make**
to compile the project. When building from a release **tar.xz** tarball, the configure script
is pre-generated (no need to run **autoconf.sh**).
See **./configure --help** and use the **--disable-[feature]** and **--enable-[feature]** options.

To run the test suite that come with the project, type **make check**.
Note that most tests will need root user privileges and will run dangerous storage failure simulations.
Do **not** run tests with root privilege on production systems! Some tests will need the **scsi_debug**
kernel module to be installed.

For more details, please refer to the
[automake](https://www.gnu.org/software/automake/manual/automake.html) and
[autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) documentation.

Help!
-----
### Documentation
Please read the following before posting questions to the mailing list so that
you can ask better questions and better understand answers.

* [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions),
* [LUKS Specifications](#specification-and-documentation), and
* manuals (aka man page, man pages, man-page) 

The FAQ is available online and in the source code for the project. The specifications are
referenced above in this document. The man pages live within the source tree and should be
available after installation using standard man commands, e.g. **man cryptsetup**.

### Mailing List
For cryptsetup and LUKS related questions, please use the cryptsetup mailing list
[cryptsetup@lists.linux.dev](mailto:cryptsetup@lists.linux.dev),
hosted at [kernel.org subspace](https://subspace.kernel.org/lists.linux.dev.html).
To subscribe send an empty email message to
[cryptsetup+subscribe@lists.linux.dev](mailto:cryptsetup+subscribe@lists.linux.dev).

You can also browse and/or search the mailing [list archive](https://lore.kernel.org/cryptsetup/).
USEnet News (NNTP), Atom feed and git access to the public inbox is available through
[lore.kernel.org](https://lore.kernel.org) service.

The former **dm-crypt** [list archive](https://lore.kernel.org/dm-crypt/) is also available.

# heads (aka `branches'):
$ git for-each-ref --sort=-creatordate refs/heads \
	--format='%(HEAD) %(refname:short) %(subject) (%(creatordate:short))'
  main         tests: Use only PBKDF2 in api-test-2 images (FIPS with OpenSSL 3.2+) (2024-05-13)
* master       tests: Use only PBKDF2 in api-test-2 images (FIPS with OpenSSL 3.2+) (2024-05-13)
  man-psid     Mention need for possible PSID reset for some OPAL drives in man page. (2024-05-13)
  fix-capi-plain Allow "capi:" cipher format for benchmark command. (2024-05-11)
  fix-retry    Fix interactive query retry if LUKS2 unbound keyslot is present (2024-05-10)
  hctr2-fix    Support aes-hctr2 mode. (2024-05-09)
  spdx         Reorganize license files. (2024-05-07)
  high-priority-flags WIP: Add support for high-priority dm-crypt flag. (2024-04-09)
  v2.7.x       Add warning about OPAL admin PIN to man page and release notes. (2024-04-09)
  coverity_scan Compile --disable-hw-opal variant. (2024-04-03)
...

# tags:
$ git for-each-ref --sort=-creatordate refs/tags \
	--format='%(refname:short) %(subject) (%(creatordate:short))'
v2.7.2       Version 2.7.2. (2024-04-09) tar.gz
v2.7.1       Version 2.7.1. (2024-03-07) tar.gz
v2.7.0       Version 2.7.0. (2024-01-24) tar.gz
v2.7.0-rc1   Version v2.7.0-rc1. (2023-12-20) tar.gz
v2.7.0-rc0   Version 2.7.0-rc0. (2023-11-29) tar.gz
v2.6.1       Version 2.6.1. (2023-02-09) tar.gz
v2.6.0       Version 2.6.0. (2022-11-28) tar.gz
v2.6.0-rc0   Version 2.6.0-rc0. (2022-11-18) tar.gz
v2.5.0       Version 2.5.0. (2022-07-28) tar.gz
v2.5.0-rc1   Version 2.5.0-rc1. (2022-07-14) tar.gz
...

# associated public inboxes:
# (number on the left is used for dev purposes)
        114 lkml
         32 qemu-devel
         30 netdev
         29 linux-arm-kernel
         25 stable
         23 u-boot
         17 linux-devicetree
         17 dpdk-dev
         16 dri-devel
         15 dm-crypt
         14 kvm
         13 xen-devel
         13 git
         12 intel-gfx
         12 buildroot
         10 openembedded-core
          9 linux-xfs
          9 alsa-devel
          9 cluster-devel
          8 ltp
          7 linux-samsung-soc
          7 linux-pm
          7 linux-scsi
          7 linuxppc-dev
          7 linux-omap
          6 linux-nfs
          6 linux-mm
          6 linux-media
          6 linux-bluetooth
          6 openembedded-devel
          5 linux-wireless
          5 bpf
          5 linux-crypto
          5 netfilter-devel
          5 linux-fsdevel
          5 fstests
          5 linux-btrfs
          5 linux-rdma
          5 linux-pci
          5 linux-doc
          5 amd-gfx
          5 linux-arch
          5 linux-raid
          5 linux-perf-users
          5 linux-patches
          5 yocto-meta-ti
          5 lvm-devel
          4 linux-mtd
          4 linux-arm-msm
          4 driverdev-devel
          4 linux-kselftest
          4 linux-iio
          4 linux-gpio
          4 linux-ext4
          4 linux-f2fs-devel
          4 linux-man
          4 lttng-dev
          4 dm-devel
          4 linux-fbdev
          4 linux-s390
          4 yocto
          4 kvm-ppc
          4 ../../../../../igt-dev
          3 linux-block
          3 linux-riscv
          3 linux-mediatek
          3 linux-acpi
          3 linux-cifs
          3 linux-erofs
          3 linux-mips
          3 linux-rtc
          3 linux-input
          3 kvmarm
          3 selinux
          3 linux-clk
          3 linux-leds
          3 linux-serial
          3 util-linux
          3 linux-api
          3 linux-spi
          3 linux-tegra
          3 linux-can
          3 containers
          3 linux-rockchip
          3 platform-driver-x86
          3 linux-staging
          3 linux-coco
          3 yocto-toaster
          3 outreachy
          3 intel-xe
          3 qemu-riscv
          2 linux-fscrypt
          2 linux-nvme
          2 linux-amlogic
          2 linux-nvdimm
          2 linux-iommu
          2 linux-usb
          2 linux-renesas-soc
          2 linux-security-module
          2 linux-modules
          2 linux-rt-users
          2 linux-ide
          2 linux-watchdog
          2 linux-trace-devel
          2 selinux-refpolicy
          2 linux-m68k
          2 backports
          2 linux-mmc
          2 linux-i2c
          2 linux-remoteproc
          2 linux-sparse
          2 virtualization
          2 linux-kbuild
          2 openbmc
          2 linux-sctp
          2 linux-cxl
          2 lustre-devel
          2 linux-sh
          2 soc
          2 nouveau
          2 kernel-janitors
          2 nvdimm
          2 llvm
          2 iwd
          2 yocto-meta-freescale
          2 yocto-meta-arm
          2 bitbake-devel
          2 yocto-meta-virtualization
          2 yocto-meta-arago
          2 xenomai
          2 asahi
          2 openrisc
          2 intel-wired-lan
          2 kexec
          2 batman
          2 linux-um
          2 virtio-comment
          2 poky
          2 grub-devel
          2 linux-hexagon
          2 reiserfs-devel
          2 virtio-fs
          2 smatch
          2 ../../../../../fuego
          1 cocci
          1 live-patching
          1 linux-efi
          1 linux-integrity
          1 linux-edac
          1 linux-snps-arc
          1 linux-hwmon
          1 kernel-hardening
          1 dmaengine
          1 linux-next
          1 linux-parisc
          1 kernelnewbies
          1 linux-sgx
          1 linux-hyperv
          1 workflows
          1 rcu
          1 linux-i3c
          1 linux-spdx
          1 linux-wpan
          1 ksummit-discuss
          1 wireguard
          1 io-uring
          1 linux-kernel-mentees
          1 linux-csky
          1 tpmdd-devel
          1 linux-unionfs
          1 linux-firmware
          1 cip-dev
          1 linux-audit
          1 linux-dash
          1 linux-bcache
          1 mm-commits
          1 linux-pwm
          1 linux-fpga
          1 ceph-devel
          1 xdp-newbies
          1 phone-devel
          1 linux-hardening
          1 dash
          1 keyrings
          1 target-devel
          1 ocfs2-devel
          1 rust-for-linux
          1 ath10k
          1 ath11k
          1 linux-phy
          1 sparclinux
          1 linux-sunxi
          1 mptcp
          1 regressions
          1 ksummit
          1 b43-dev
          1 linux-nfc
          1 linux-bcachefs
          1 ath9k-devel
          1 ntfs3
          1 fio
          1 ell
          1 ofono
          1 yocto-docs
          1 chrome-platform
          1 ntb
          1 damon
          1 loongarch
          1 imx
          1 ath12k
          1 b4-sent
          1 linux-trace-kernel
          1 oe-linux-nfc
          1 oe-kbuild-all
          1 oe-chipsec
          1 virtio-dev
          1 v9fs
          1 ecryptfs
          1 linux-ia64
          1 kbd
          1 autofs
          1 cpufreq
          1 dccp
          1 cgroups
          1 devicetree-spec
          1 devicetree-compiler
          1 initramfs
          1 hail-devel
          1 kvm-ia64
          1 linux-8086
          1 kernel-testers
          1 linux-alpha
          1 linux-btrace
          1 linux-embedded
          1 linux-hams
          1 linux-hotplug
          1 linux-laptop
          1 linux-sound
          1 trinity
          1 linux-metag
          1 linux-x25
          1 linux-nilfs
          1 lvs-devel
          1 netfilter
          1 linux-oxnas
          1 u-boot-amlogic
          1 lm-sensors
          1 acpica-devel
          1 perfbook
          1 ../../../../../wireless-regdb
          1 ../../../../../powertop

git clone https://yhbt.net/lore/pub/scm/utils/cryptsetup/cryptsetup.git