cryptsetup-fvault2Open - Linux


cryptsetup-fvault2Open opens an encrypted disk or partition using the FDE header format. It supports both LUKS1 and LUKS2 formats. This command is commonly used to unlock encrypted storage devices, allowing access to their contents.


cryptsetup-fvault2Open [-d] [--key-file <keyfile>] [--key-slot <slot>] [--cipher <cipher>] [--hash <hash>] [--tries <tries>] <device> <name>


  • -d: Discards the key after successful unlocking
  • –key-file : Specifies a key file to use for unlocking
  • –key-slot : Selects the key slot to use (default: 0)
  • –cipher : Specifies the cipher to use for encryption (default: aes-cbc-essiv)
  • –hash : Specifies the hash algorithm to use (default: sha256)
  • –tries : Sets the maximum number of unlocking attempts (default: 5)


Simple usage:

  • Unlock an encrypted device with key slot 1:
cryptsetup-fvault2Open --key-slot 1 /dev/sda2 my_encrypted_disk

Specifying key file and hash algorithm:

  • Unlock an encrypted partition using a key file and SHA-512 hash:
cryptsetup-fvault2Open --key-file mykey.bin --hash sha512 /dev/sda4 encrypted_partition

Discarding the key after unlocking:

  • Unlock an encrypted disk and discard the key:
cryptsetup-fvault2Open -d /dev/sdb1 important_data

Common Issues

  • Incorrect key: Make sure the key or key file used is correct.
  • Incorrect device: Verify that the specified device is the correct encrypted drive.
  • Maximum tries exceeded: Ensure that the –tries option is set to a sufficient value if multiple unlocking attempts are required.


  • Can be used with tools like cryptsetup-luksFormat to create or modify encrypted devices.
  • Can be integrated into scripts for automating disk unlocking tasks.

Related Commands

  • cryptsetup: Main command for managing encrypted devices
  • cryptsetup-fvault2Create: Creates a new FDE-encrypted partition
  • cryptsetup-fvault2Close: Closes an open FDE-encrypted partition