cryptsetup-config - Linux


cryptsetup-config is a powerful command-line tool designed to configure and manage LUKS (Linux Unified Key Setup) encrypted partitions. It provides a user-friendly interface for setting up encryption settings, such as key slots, passphrase, and encryption algorithms.


cryptsetup-config [options] [luks_device]


  • -c, –create: Create a new LUKS header on the specified device.
  • -s, –status: Display the status of the LUKS header on the device.
  • -q, –quiet: Suppress output and only return a success status.
  • -v, –verbose: Display additional information during operation.
  • –key-slot: Specify the key slot to operate on (default: 0).
  • –pbkdf: Specify the password-based key derivation function to use (default: argon2id).
  • –cipher: Specify the encryption cipher to use (default: aes-xts-plain64).
  • –hash: Specify the hash function to use for key derivation (default: sha256).
  • –use-random: Generate a random passphrase instead of prompting for one.


Creating a new LUKS header:

cryptsetup-config create /dev/my_disk

Displaying the status of a LUKS header:

cryptsetup-config status /dev/my_disk

Changing the passphrase of a LUKS key slot:

cryptsetup-config --key-slot 2 --pass-new passphrase /dev/my_disk

Using a random passphrase:

cryptsetup-config --use-random create /dev/my_disk

Common Issues

  • Incorrect passphrase: Ensure the passphrase you enter is correct. If you have forgotten the passphrase, you may need to resort to a recovery key.
  • Invalid device: Verify that the specified device is accessible and formatted.
  • Insufficient permissions: Ensure you have sufficient permissions to perform the operation.


cryptsetup-config can be used in conjunction with other Linux commands and tools, such as:

  • fdisk: Partition the disk before creating a LUKS header.
  • mkfs: Create a file system on the encrypted partition.
  • mount: Mount the encrypted partition.

Related Commands

  • cryptsetup: Manage LUKS encryption in a command-line interface.
  • luksFormat: Create and manage LUKS headers.
  • luksOpen: Open and mount LUKS encrypted partitions.