crypttab - Linux
Overview
crypttab is a configuration file used by the Linux kernel’s dm-crypt module to specify how block devices should be unlocked using cryptographic keys. It allows for easy management and control of encrypted devices, ensuring secure data storage and protection.
Syntax
/etc/crypttab:
<device_name> <source_device> <keyfile> <options>
Options/Flags
- device_name: Name of the mapped device, which appears as /dev/mapper/<device_name>.
- source_device: The encrypted block device to unlock, e.g., /dev/sda2.
- keyfile: Path to the file containing the encryption key.
- options: Comma-separated options for device handling, such as:
  - nofail: Continue booting even if the device cannot be unlocked.
  - noauto: Prevent automatic unlocking during boot.
  - cipher=<cipher_spec>: Encryption cipher, e.g., aes-cbc-essiv:sha256.
  - hash=<hash_spec>: Hash function, e.g., sha256.
Examples
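Basic Example (maps the encrypted partition, shown as the placeholder <source_device>, to /dev/mapper/disk1):
disk1 <source_device> /mykeyfile cipher=aes-cbc-essiv:sha256,nofail
Complex Example (replace the placeholder <device_name> with the mapped name to create):
<device_name> /dev/sda2 /mykeyfile cipher=aes-xts-plain64:sha512,hash=sha256,noauto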
Common Issues
- Errors during boot: Ensure the keyfile is accessible and the specified device exists.
- Data corruption: Verify the integrity of the encrypted device and the keyfile.
- Incorrect passphrase: Double-check the passphrase used to generate the encryption key.
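A checker for the boot errors listed above, as an added example that is not part of the original page. It assumes the four-field layout from crypttab(5) (mapped name, source device, key file, comma-separated options); lint_crypttab, keyfile_issues, demo and the sample lines are constructed for illustration.

```python
import os
import pathlib
import tempfile

VALUE_OPTS = {"cipher", "hash", "size", "offset", "skip"}  # subset that needs key=value

def keyfile_issues(path):
    """Findings for a key file that is missing or open to group/others."""
    if not os.path.isfile(path):
        return ["key file not accessible"]
    mode = os.stat(path).st_mode & 0o777
    return [f"key file mode {mode:04o} is too open, use 0400 or 0600"] if mode & 0o077 else []

def lint_crypttab(text):
    """Return (line_number, message) findings for crypttab text."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if not 2 <= len(fields) <= 4:
            findings.append((num, "expected 2-4 fields, options are one comma-separated field"))
            continue
        name, device, keyfile, options = fields + ["none", ""][len(fields) - 2:]  # pad optional fields
        if "/" in name:
            findings.append((num, "first field is the mapped name, not a path"))
        if device.startswith("/") and not os.path.exists(device):
            findings.append((num, "source device not found"))
        if keyfile not in ("none", "-") and not keyfile.startswith("/dev/"):
            findings += [(num, msg) for msg in keyfile_issues(keyfile)]
        for opt in options.split(","):
            key, sep, value = opt.partition("=")
            if key in VALUE_OPTS and not value:
                findings.append((num, f"option {key} needs a value"))
            elif not sep and ":" in opt:
                findings.append((num, f"write cipher={opt}, not a bare cipher spec"))
    return findings

def demo():
    """Lint constructed sample lines; temp files stand in for the device and key files."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "good.key"), os.path.join(d, "bad.key")
        for path, mode in ((good, 0o600), (bad, 0o644)):
            pathlib.Path(path).write_bytes(os.urandom(32))
            os.chmod(path, mode)
        return lint_crypttab(
            f"disk1 {good} {good} cipher=aes-cbc-essiv:sha256,nofail\n"
            f"/dev/mapper/disk1 {good} {bad} aes-cbc-essiv:sha256,nofail\n"
            f"disk2 {good} {good} noauto hash=sha256\n"
            f"disk3 {good} {d}/missing.key cipher=\n")
```

Run lint_crypttab over the contents of /etc/crypttab before rebooting; an empty list means none of these checks fired.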
Integration
- cryptmount: Used to mount encrypted devices using crypttab.
- luksOpen: Provides an interface for managing LUKS (Linux Unified Key Setup) encrypted devices.
- dmsetup: Low-level device mapper utility used for device management.
Related Commands
- cryptsetup: Manages encrypted devices and key management.
- lsblk: Lists block devices and their attributes.
- mkinitcpio: Generates custom initial RAM disk images, including support for encrypted root filesystems.