Introduction to cryptsetup

cryptsetup is used to set up transparent encryption of block devices using the kernel crypto API.

本パッケージは LFS-8.0 において正しくビルドでき動作することが確認されています。

Package Information

cryptsetup Dependencies


libgcrypt-1.8.0, Nettle-3.3, NSS-3.32, OpenSSL-1.1.0f, popt-1.16


libpwquality-1.4.0, LVM2-2.02.171, Python-2.7.13, and passwdqc

User Notes:

Kernel Configuration

Encrypted block devies require kernel support. To use it, the appropriate kernel configuration parameters need to be set:

Device Drivers  --->
  [*] Multiple devices driver support (RAID and LVM) ---> [CONFIG_MD]
       <*/M> Device mapper support                        [CONFIG_BLK_DEV_DM]
       <*/M> Crypt target support                         [CONFIG_DM_CRYPT]

Cryptographic API  --->
  <*/M> XTS support                                       [CONFIG_CRYPTO_XTS]
  <*/M> SHA224 and SHA256 digest algorithm                [CONFIG_CRYPTO_SHA256]
  <*/M> AES cipher algorithms                             [CONFIG_CRYPTO_AES]
  <*/M> AES cipher algorithms (x86_64)                    [CONFIG_CRYPTO_AES_X86_64]
  <*/M> User-space interface for symmetric key cipher algorithms
  For tests:
  <*/M> Twofish cipher algorithm                          [CONFIG_CRYPTO_TWOFISH]

Installation of cryptsetup

Install cryptsetup by running the following commands:

./configure --prefix=/usr &&

To test the result, issue as the root user: make check

Now, as the root user:

make install

Configuring cryptsetup

Introductory instructions for configuring encrypted block devices TBD.


Installed Programs: cryptsetup and veritysetup
Installed Libraries:
Installed Directories: None

Short Descriptions


is used to setup dm-crypt managed device-mapper mappings.


is used to configure dm-verity managed device-mapper mappings. Device-mapper verity target provides read-only transparent integrity checking of block devices using kernel crypto API.

最終更新日: 2017-08-17 05:38:22 +0900