cryptsetup-lukskillslot - Linux

Overview

cryptsetup-lukskillslot is a utility for managing key slots in LUKS disk encryption headers. It allows users to add, delete, and modify key slots for unlocking encrypted partitions.

Syntax

cryptsetup lukskillslot [--key-file KEY_FILE] [OPTION...] DEVICE [-- LUKS_ARG]...

Options/Flags

• –key-file KEY_FILE
  Specifies the path to the key file containing the encryption key for the key slot.
• –add
  Adds a new key slot to the LUKS header.
• –delete
  Deletes the specified key slot from the LUKS header.
• –modify
  Modifies the specified key slot in the LUKS header.
• –clear
  Clears the specified key slot in the LUKS header, overwriting it with zeroes.
• –set-flags
  Sets the specified slot flags for the specified key slot.
• –unset-flags
  Unsets the specified slot flags for the specified key slot.
• –verify-password
  Prompts the user to enter the password for the specified key slot and verifies it.
• –help
  Displays a help message and exits.

Examples

Adding a Key Slot

cryptsetup --key-file /path/to/keyfile luksaddkey /dev/sda3

Deleting a Key Slot

cryptsetup --key-file /path/to/keyfile lukskillkey /dev/sda3 -d 1

Modifying a Key Slot

cryptsetup --key-file /path/to/keyfile lukskeyaddkey /dev/sda3 -m 1 --key-file /path/to/newkeyfile

Common Issues

• Incorrect key file: Ensure that the specified key file contains the correct encryption key for the key slot.
• Key slot not found: Verify that the specified key slot exists in the LUKS header.
• Invalid slot flags: The specified slot flags must be valid and supported by the LUKS header.

Integration

cryptsetup-lukskillslot can be used with other tools, such as:

• cryptsetup: To manage LUKS encrypted partitions.
• openssl: To generate new encryption keys and verify passwords.

Related Commands

• cryptsetup
• luksformat
• luksopen