cryptsetup-convert - Linux


cryptsetup-convert is a Linux command used to convert an existing LUKS (Linux Unified Key Setup) encrypted partition or device to a different type of encryption. This allows users to upgrade or migrate their encrypted partitions to newer and more secure encryption algorithms.


cryptsetup-convert [options] <device_or_partition>


  • -c Encrypt the whole partition (default)
  • -c –cipher <cipher_name> Specify the encryption cipher to use
  • -s Shrink the header if possible
  • -k Add an encrypted header with passphrase
  • -t Test mode (don’t perform any changes)
  • –key-file Use a key file for passphrase
  • –key-slot Use specified key slot


Convert a LUKS partition to a new encryption cipher (e.g., aes-xts-plain64):

cryptsetup-convert --cipher aes-xts-plain64 /dev/sdc1

Add an encrypted header with a passphrase:

cryptsetup-convert -k /dev/sdc1

Test the conversion without making any changes:

cryptsetup-convert -t /dev/sdc1

Common Issues

  • Permission denied: Ensure you have sufficient permissions to modify the partition or device.
  • Device not found: Verify that the specified device or partition exists.
  • Invalid cipher: Check that the specified cipher is supported by your system.


cryptsetup-convert can be integrated with other tools like cryptsetup and dmsetup to manage and manipulate encrypted partitions and devices.

Related Commands

  • cryptsetup
  • dmsetup
  • luksdump
  • luks-header