%general-entities; ]> cryptsetup cryptsetup is used to set up transparent encryption of block devices using the kernel crypto API. &lfs121_checked; Package Information Download (HTTP): Download (FTP): Download MD5 sum: &cryptsetup-md5sum; Download size: &cryptsetup-size; Estimated disk space required: &cryptsetup-buildsize; Estimated build time: &cryptsetup-time; cryptsetup Dependencies Required , , and Optional , , argon2, libssh, and passwdqc Encrypted block devices require kernel support. To use it, the appropriate kernel configuration parameters need to be set: cryptsetup Install cryptsetup by running the following commands: ./configure --prefix=/usr \ --disable-ssh-token \ --disable-asciidoc && make To test the result, issue as the root user: make check. Some tests will fail if appropriate kernel configuration options are not set. Some additional options that may be needed for tests are: CONFIG_SCSI_LOWLEVEL, CONFIG_SCSI_DEBUG, CONFIG_BLK_DEV_DM_BUILTIN, CONFIG_CRYPTO_USER, CONFIG_CRYPTO_CRYPTD, CONFIG_CRYPTO_LRW, CONFIG_CRYPTO_XTS, CONFIG_CRYPTO_ESSIV, CONFIG_CRYPTO_CRCT10DIF, CONFIG_CRYPTO_AES_TI, CONFIG_CRYPTO_AES_NI_INTEL, CONFIG_CRYPTO_BLOWFISH, CONFIG_CRYPTO_CAST5, CONFIG_CRYPTO_SERPENT, CONFIG_CRYPTO_SERPENT_SSE2_X86_64, CONFIG_CRYPTO_SERPENT_AVX_X86_64, CONFIG_CRYPTO_SERPENT_AVX2_X86_64, and CONFIG_CRYPTO_TWOFISH_X86_64 Now, as the root user: make install --disable-ssh-token: This switch is required if the optional libssh dependency is not installed. --disable-asciidoc: This switch disables regeneration of the man pages. Remove this switch if you have installed and wish to regenerate the man pages. Note that even if this switch is used, the pre-generated man pages are shipped in the tarball and they'll still be installed. Because of the number of possible configurations, setup of encrypted volumes is beyond the scope of the BLFS book. Please see the configuration guide in the cryptsetup FAQ. Installed Programs Installed Libraries Installed Directories cryptsetup, cryptsetup-reencrypt, integritysetup, and veritysetup libcryptsetup.so None Short Descriptions cryptsetup is used to setup dm-crypt managed device-mapper mappings cryptsetup cryptsetup-reencrypt is a tool for offline LUKS device re-encryption cryptsetup-reencrypt integritysetup is a tool to manage dm-integrity (block level integrity) volumes integritysetup veritysetup is used to configure dm-verity managed device-mapper mappings. The Device-mapper verity target provides read-only transparent integrity checking of block devices using the kernel crypto API veritysetup