Crypttab

From LQWiki

crypttab is a configuration file on Linux systems, located at /etc/crypttab. It contains a table of encrypted partitions to be set up during boot.

Format

The format of every line is

[Volume]		[Encrypted Device]				[Key]			[Options]

A typical crypttab can look like this:

# encrypted home filesystem. encrypted partition referred to with its kernel name. no special options given.
home			/dev/sda3					/etc/home-luks.key
# create an encrypted swap on a partition specified with a UUID.
swap0			UUID=7f70192f-2bb6-4224-a692-25f310d2fb26	/dev/urandom		swap
# encrypted backup volume. no keyfile given ("-").
backup			UUID=0b7cad77-d74e-455f-a866-cb6826274109	-

Volume

This is the label the encrypted partition will be mapped to, where it will act as a normal, unencrypted block device. It will become available at /dev/mapper/<volume name>.

Encrypted Device

This should refer to the block device you want to be set up. It can be a UUID or a path to a block device.

Key

The given keyfile will be used to unlock the partition. "-" or "none" can be given instead, in which case a keyfile is searched for in /etc/cryptsetup-keys.d and /run/cryptsetup-keys.d. If none is found, a password is requested instead.

Options

Given options will change how cryptsetup(8) sets up the block device. Here are some common options:

  • header= - Specify header in a separate file or device.
  • noauto - Do not automatically unlock on boot.
  • readonly - Set up the encrypted device as read-only.
  • nofail - The device won't be a hard dependency; it will be unlocked asynchronously, and the system will continue booting if unlocking fails.
  • swap - The device will be made ready to be used as swap. This will destroy all data on the block device.
  • tmp= - Similar to the swap option, the device will be made ready to be used as a temporary filesystem. A filesystem type can be given; otherwise it defaults to ext4. This will destroy all data on the block device.
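
The following is an added example, not code from LQWiki or cryptsetup: it parses crypttab text in the four-column format described above and flags entries where a data-destroying option (swap, tmp) is combined with a kernel device name, plus entries that depend on a password prompt at boot. The function names, the list of stable device prefixes and the "scratch" entry are assumptions made for illustration.

```python
# Added example: parse crypttab text and flag risky entries.
DESTRUCTIVE = {"swap", "tmp"}  # per the Options list: both destroy existing data
# Assumption: device references treated here as stable across reboots.
STABLE_PREFIXES = ("UUID=", "PARTUUID=", "LABEL=", "PARTLABEL=",
                   "/dev/disk/by-", "/dev/mapper/")

# Constructed sample: the page's three entries plus a hypothetical "scratch" volume.
SAMPLE = """\
# volume  encrypted device                             key                 options
home      /dev/sda3                                    /etc/home-luks.key
swap0     UUID=7f70192f-2bb6-4224-a692-25f310d2fb26    /dev/urandom        swap
backup    UUID=0b7cad77-d74e-455f-a866-cb6826274109    -
scratch   /dev/sdb1                                    /dev/urandom        tmp=ext4,nofail
"""

def parse_crypttab(text):
    """Return one dict per entry; blank lines and '#' comment lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: need at least a volume and a device")
        key = fields[2] if len(fields) > 2 else "-"
        options = fields[3].split(",") if len(fields) > 3 else []
        entries.append({"line": lineno, "volume": fields[0], "device": fields[1],
                        "key": key, "options": options})
    return entries

def audit(entries):
    """Return (volume, message) findings for entries worth a second look."""
    findings = []
    for e in entries:
        names = {opt.split("=", 1)[0] for opt in e["options"]}  # "tmp=ext4" -> "tmp"
        wiping = sorted(names & DESTRUCTIVE)
        if wiping and not e["device"].startswith(STABLE_PREFIXES):
            findings.append((e["volume"], f"{'/'.join(wiping)} wipes {e['device']}, "
                             "a kernel name that can change between boots"))
        if e["key"] in ("-", "none") and "nofail" not in names:
            findings.append((e["volume"], "no keyfile named and no nofail: "
                             "boot depends on a found key or a password prompt"))
    return findings

if __name__ == "__main__":
    for volume, message in audit(parse_crypttab(SAMPLE)):
        print(f"{volume}: {message}")
```
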

See Also