cryptsetup-create - Linux


Overview

cryptsetup-create creates encrypted partitions and configures encryption for block devices. It secures sensitive data with a choice of encryption algorithms and key management options.

Syntax

cryptsetup-create [OPTIONS] <name> <device or path>

Options/Flags

  • -c cipher : Specify the encryption cipher to use. Default: aes-cbc-essiv:sha256
  • -s size : Set the size of the encryption header in MiB. Default: 1MiB
  • -h hash : Select the hash algorithm for the encryption key. Default: sha256
  • -k-size : Specify the bit size of the encryption key. Default: 256
  • -t type : Define the type of encryption setup. Default: plain
  • -u UUID : Assign a UUID to the encrypted device.
  • -q : Quiet mode, suppress all warnings and prompts.
  • -v : Verbose mode, log all operations and display debugging information.
  • -h : Print usage and help information.

Examples

Create a LUKS-encrypted partition with a 512-bit key:

cryptsetup-create -c aes-xts-plain64 -s 2 -k-size 512 my_luks_partition /dev/sda3

Create an encrypted partition with a passphrase:

cryptsetup-create -t plain -c aes-cbc-essiv:sha256 my_encrypted_partition /dev/sdb4
Enter passphrase:

Create an encrypted partition with a detached header on another device:

cryptsetup-create -c aes-cbc-essiv:sha256 -s 2 -h sha512 --header /dev/sdb1 my_encrypted_partition /dev/sda3

Common Issues

  • Empty passphrase: Ensure you enter a non-empty passphrase when prompted.
  • Invalid block device: Verify that the specified device is a valid block device.
  • Insufficient permissions: Ensure you have sufficient permissions to create and access the encrypted device.
  • Existing header: If a header already exists on the device, you will need to overwrite it using the -force option.
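
The device, permission and existing-header issues above can be checked before any setup command runs. The sketch below is an added example, not part of cryptsetup-create or its documentation, and its function names and return codes are hypothetical. It relies on the LUKS on-disk format, whose header starts at offset 0 with the bytes "LUKS" 0xBA 0xBE followed by a 2-byte big-endian version, and it accepts a regular file as well as a block device because the syntax above allows a path.

```shell
#!/bin/sh
# Added illustration: pre-flight checks for a target before encryption setup.
# Function names and return codes are hypothetical, not part of any tool.

# "LUKS" 0xBA 0xBE: the six magic bytes that open a LUKS1 or LUKS2 header.
LUKS_MAGIC_HEX="4c554b53babe"

# Print the LUKS version (1 or 2) when the target starts with a LUKS header.
# Returns 0 if a header is present, 1 otherwise.
luks_header_version() {
    hex=$(head -c 8 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        "${LUKS_MAGIC_HEX}0001") echo 1 ;;
        "${LUKS_MAGIC_HEX}0002") echo 2 ;;
        *) return 1 ;;
    esac
}

# Returns 0 if the target is safe to set up, otherwise:
#   2 = not a block device or regular file, 3 = no read/write access,
#   4 = an existing LUKS header would be overwritten.
preflight() {
    target=$1
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "invalid target (not a block device or file): $target" >&2
        return 2
    fi
    if [ ! -r "$target" ] || [ ! -w "$target" ]; then
        echo "insufficient permissions on $target" >&2
        return 3
    fi
    if version=$(luks_header_version "$target"); then
        echo "existing LUKS$version header on $target, refusing to continue" >&2
        return 4
    fi
    return 0
}
```

A plain-mode volume, or one whose header is detached, has no header on the data device, so this check passes for it.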

Integration

cryptsetup-create is commonly combined with other commands to manage encrypted partitions:

  • cryptsetup: Manage encrypted partitions, including mounting and dismounting.
  • lsblk: List block devices, including encrypted and unencrypted partitions.
  • fdisk: Partition a storage device, including creating encrypted partitions.

Related Commands

  • cryptsetup: Manage encrypted devices and file systems.
  • veracrypt: An alternative disk encryption software.
  • LUKS: The Linux Unified Key Setup used for encryption by cryptsetup.