crypttab - Linux


crypttab is a configuration file used by the Linux kernel’s dm-crypt module to specify how block devices should be unlocked using cryptographic keys. It allows for easy management and control of encrypted devices, ensuring secure data storage and protection.


<device_name> <keyfile> <options> ... <cipher_spec> <hash_spec> [<hash_iters>]


  • keyfile: Path to the file containing the encryption key.
  • options: Additional options for device handling, such as:
    • nofail: Continue booting even if the device cannot be unlocked.
    • noauto: Prevent automatic unlocking during boot.
  • cipher_spec: Encryption cipher, e.g., aes-cbc-essiv:sha256.
  • hash_spec: Hash function, e.g., sha256.
  • hash_iters: Number of hash iterations (optional).


Basic Example:

/dev/mapper/disk1 /mykeyfile aes-cbc-essiv:sha256 nofail

Complex Example:

/dev/sda2 /mykeyfile aes-xts-plain64:sha512 noauto hash=sha256,65536

Common Issues

  • Errors during boot: Ensure the keyfile is accessible and the specified device exists.
  • Data corruption: Verify the integrity of the encrypted device and the keyfile.
  • Incorrect passphrase: Double-check the passphrase used to generate the encryption key.


  • cryptmount: Used to mount encrypted devices using crypttab.
  • luksOpen: Provides an interface for managing LUKS (Linux Unified Key Setup) encrypted devices.
  • dmsetup: Low-level device mapper utility used for device management.

Related Commands

  • cryptsetup: Manages encrypted devices and key management.
  • lsblk: Lists block devices and their attributes.
  • mkinitcpio: Generates custom initial RAM disk images, including support for encrypted root filesystems.