Cryptsetup Disk Encryption Tool
www.cryptsetup.org
1
Leaving SiteNav
External Link Disclaimer
You are about to visit www.cryptsetup.org. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
Cryptsetup is a utility used to conveniently set up disk encryption based on the DMCrypt (Device Mapper Crypt) kernel module in Linux, providing transparent encryption of block devices including hard drives, SSDs, USB drives, and swap partitions. Originally developed by Clemens Fruhwirth in 2005 as a LUKS userspace tool, cryptsetup has been maintained by Milan Broz and the cryptsetup team, with over 700 stars as of 2026. It is the standard full disk encryption solution on virtually all Linux distributions. Key features include: LUKS (Linux Unified Key Setup) format (the standard for Linux hard disk encryption with metadata headers, multiple key slots for up to 8 passwords or keyfiles, anti-forensic split key storage, and PBKDF2 or Argon2 key derivation), LUKS2 (the next-generation format introduced in cryptsetup 2.0, supporting Argon2 key derivation for GPU-resistant brute force protection, JSON metadata for extensibility, and authenticated encryption including AEAD modes), plain dm-crypt mode (raw device mapper encryption without LUKS headers for scenarios requiring deniable encryption with no on-disk metadata), Argon2 (memory-hard key derivation function providing resistance against GPU and ASIC brute-force attacks with configurable memory cost, time cost, and parallelism), hardware acceleration (AES-NI, ARM Crypto Extensions for native-speed hardware-accelerated encryption), encryption algorithms (AES, Twofish, Serpent, ChaCha20, and Adiantum for devices without hardware acceleration), integrity protection (dm-integrity combined with LUKS2 for authenticated encryption preventing tampering and bit-rot), token support (external key management via PKCS#11, FIDO2, and TPM2 hardware tokens for passwordless unlocking), detached headers (storing LUKS header separately from the encrypted device for plausible deniability), and online reencryption (migrating encryption parameters without data loss).
Tags & Categories
Categories
Tags
Statistics
1
Views
0
Clicks
0
Like
0
Dislike