{"id":49018125,"url":"https://github.com/fkemser/LUKSwrapper","last_synced_at":"2026-05-21T19:01:36.408Z","repository":{"id":244298357,"uuid":"752747476","full_name":"fkemser/LUKSwrapper","owner":"fkemser","description":"A collection of shell scripts to setup and manage LUKS/LUKS2-encrypted drives, either interactively or via command line.","archived":false,"fork":false,"pushed_at":"2026-01-11T00:08:38.000Z","size":5905,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-11T08:12:56.994Z","etag":null,"topics":["cryptsetup","dialog","fido2","luks","luks2","pkcs11","sh","shell","tpm"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fkemser.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-02-04T17:38:45.000Z","updated_at":"2026-01-11T00:08:42.000Z","dependencies_parsed_at":"2024-06-13T23:04:18.164Z","dependency_job_id":"0523c19f-5085-4530-ba4b-19f48a24e02e","html_url":"https://github.com/fkemser/LUKSwrapper","commit_stats":null,"previous_names":["fkemser/lukswrapper"],"tags_count":0,"template":false,"template_full_name":"fkemser/SHtemplate","purl":"pkg:github/fkemser/LUKSwrapper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkemser%2FLUKSwrapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkemser%2FLUKSwrapper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkemser%2FLUKSwrapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkemser%2FLUKSwrapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fkemser","download_url":"https://codeload.github.com/fkemser/LUKSwrapper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkemser%2FLUKSwrapper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33311395,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-21T12:23:38.849Z","status":"ssl_error","status_checked_at":"2026-05-21T12:22:11.673Z","response_time":62,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptsetup","dialog","fido2","luks","luks2","pkcs11","sh","shell","tpm"],"created_at":"2026-04-19T03:00:28.358Z","updated_at":"2026-05-21T19:01:36.397Z","avatar_url":"https://github.com/fkemser.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"\u003c!-- Improved compatibility of back to top link: See: https://github.com/othneildrew/Best-README-Template/pull/73 --\u003e\n\u003ca name=\"readme-top\"\u003e\u003c/a\u003e\n\u003c!--\n*** Thanks for checking out the Best-README-Template. If you have a suggestion\n*** that would make this better, please fork the repo and create a pull request\n*** or simply open an issue with the tag \"enhancement\".\n*** Don't forget to give the project a star!\n*** Thanks again! Now go create something AMAZING! :D\n--\u003e\n\n\n\n\u003c!-- PROJECT SHIELDS --\u003e\n\u003c!--\n*** I'm using markdown \"reference style\" links for readability.\n*** Reference links are enclosed in brackets [ ] instead of parentheses ( ).\n*** See the bottom of this document for the declaration of the reference variables\n*** for contributors-url, forks-url, etc. This is an optional, concise syntax you may use.\n*** https://www.markdownguide.org/basic-syntax/#reference-style-links\n--\u003e\n[![Contributors][contributors-shield]][contributors-url]\n[![Forks][forks-shield]][forks-url]\n[![Stargazers][stars-shield]][stars-url]\n[![Issues][issues-shield]][issues-url]\n[![GNU GPL v3.0 License][license-shield]][license-url]\n\u003c!-- [![LinkedIn][linkedin-shield]][linkedin-url] --\u003e\n\n\n\n\u003c!-- PROJECT LOGO --\u003e\n\u003cbr /\u003e\n\u003cdiv align=\"center\"\u003e\n \u003c!-- \u003ca href=\"https://github.com/fkemser/LUKSwrapper\"\u003e\n \u003cimg src=\"images/logo.png\" alt=\"Logo\" width=\"80\" height=\"80\"\u003e\n \u003c/a\u003e --\u003e\n\n\u003ch3 align=\"center\"\u003eLUKSwrapper\u003c/h3\u003e\n\n \u003cp align=\"center\"\u003e\n A collection of shell scripts to setup and manage LUKS2-encrypted drives, either interactively or via command line.\n \u003cbr /\u003e\n \u003ca href=\"https://github.com/fkemser/LUKSwrapper\"\u003e\u003cstrong\u003eExplore the docs »\u003c/strong\u003e\u003c/a\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003ca href=\"https://github.com/fkemser/LUKSwrapper\"\u003eView Demo\u003c/a\u003e\n ·\n \u003ca href=\"https://github.com/fkemser/LUKSwrapper/issues\"\u003eReport Bug\u003c/a\u003e\n ·\n \u003ca href=\"https://github.com/fkemser/LUKSwrapper/issues\"\u003eRequest Feature\u003c/a\u003e\n \u003c/p\u003e\n\u003c/div\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"res/screenshot1.png\" alt=\"screenshot1\" width=\"75%\"/\u003e\u003c/p\u003e\n\n\u003c!-- TABLE OF CONTENTS --\u003e\n\u003cdetails open\u003e\n \u003csummary\u003eTable of Contents\u003c/summary\u003e\n \u003col\u003e\n \u003cli\u003e\u003ca href=\"#tldr\"\u003eTL;DR\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\n \u003ca href=\"#about-the-project\"\u003eAbout The Project\u003c/a\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ca href=\"#built-with\"\u003eBuilt With\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#testing-environment\"\u003eTesting Environment\u003c/a\u003e\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003ca href=\"#getting-started\"\u003eGetting Started\u003c/a\u003e\n \u003cul\u003e\n \u003cli\u003e\n \u003ca href=\"#prerequisites\"\u003ePrerequisites\u003c/a\u003e\n \u003cul\u003e\n \u003cli\u003e\u003ca href=\"#debian-1\"\u003eDebian\u003c/a\u003e\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e\u003c/li\u003e\n \u003c/ul\u003e\n \u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#usage-srclukssh\"\u003eUsage (/src/luks.sh)\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#roadmap\"\u003eRoadmap\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#contributing\"\u003eContributing\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#license\"\u003eLicense\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#contact\"\u003eContact\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"#acknowledgments\"\u003eAcknowledgments\u003c/a\u003e\u003c/li\u003e\n \u003c/ol\u003e\n\u003c/details\u003e\n\n\n\n\u003c!-- TL;DR --\u003e\n## TL;DR\n\n### 1. Install dependencies\nTo install all (necessary and optional) packages on your system, simply run:\n\n#### Debian\n```sh\nsudo apt install dialog cryptsetup pv libfido2-1 opensc-pkcs11 pcscd libccid \\\n libtss2-esys-3.0.2-0 libtss2-rc0\n```\n\n### 2. Clone the repo and run the script\n```sh\ngit clone --recurse-submodules https://github.com/fkemser/LUKSwrapper.git \u0026\u0026 \\\nchmod +x ./LUKSwrapper/src/luks.sh \u0026\u0026 \\\n./LUKSwrapper/src/luks.sh\n```\n\n\u003e :information_source: For more information please have a look at the [usage](#usage-srclukssh) section below.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- ABOUT THE PROJECT --\u003e\n## About The Project\n\nThis project provides command-line switches as well as a `dialog`-based interface to\n\n- setup dm-crypt/LUKS2 encryption on hard disks and flash drives,\n- mount and unmount LUKS2 devices,\n- add and remove LUKS2 key slots (passphrases, FIDO2 devices, PKCS11 token, TPM2 chips),\n- backup and restore LUKS2 header,\n- clone drives.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n### Built With\n\n[![Shell Script][Shell Script-shield]][Shell Script-url]\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n### Testing Environment\n\nThe project has been developed and tested on the following system:\n\n| Info | Description\n---: | ---\nOS | Debian GNU/Linux 12 (bookworm)\nKernel | 6.1.0-17-amd64\nPackages | [coreutils (9.1-1)](https://packages.debian.org/bookworm/coreutils)\n|| [cryptsetup (2:2.6.1-4~deb12u1)](https://packages.debian.org/bookworm/cryptsetup)\n|| [dash (0.5.12-2)](https://packages.debian.org/bookworm/dash)\n|| [dialog (1.3-20230209-1)](https://packages.debian.org/bookworm/dialog)\n|| [libc-bin (2.36-9+deb12u1)](https://packages.debian.org/bookworm/libc-bin)\n|| [libccid (1.5.2-1)](https://packages.debian.org/bookworm/libccid)\n|| [libfido2-1 (1.12.0-2+b1)](https://packages.debian.org/bookworm/libfido2-1)\n|| [libtss2-esys-3.0.2-0 (3.2.1-3)](https://packages.debian.org/bookworm/libtss2-esys-3.0.2-0)\n|| [libtss2-rc0 (3.2.1-3)](https://packages.debian.org/bookworm/libtss2-rc0)\n|| [opensc-pkcs11 (0.23.0-0.3+deb12u1)](https://packages.debian.org/bookworm/opensc-pkcs11)\n|| [pcscd (1.9.9-2)](https://packages.debian.org/bookworm/pcscd)\n|| [pv (1.6.20-1)](https://packages.debian.org/bookworm/pv)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- GETTING STARTED --\u003e\n## Getting Started\n\n### Prerequisites\nPlease make sure that the following dependencies are installed:\n\n* [Cryptsetup and LUKS](https://gitlab.com/cryptsetup/cryptsetup)\n* [Pipe Viewer](https://www.ivarch.com/programs/pv.shtml)\n\nAdditionally, there are some use-case specific dependencies (see sections below):\n\n* [Dialog](https://invisible-island.net/dialog/dialog.html)\n* [libfido2-1](https://developers.yubico.com/libfido2/)\n* [libtss2-esys-3.0.2-0](https://github.com/tpm2-software/tpm2-tss)\n* [libtss2-rc0](https://github.com/tpm2-software/tpm2-tss)\n* [OpenSC (PKCS#11 module)](https://github.com/OpenSC/libp11)\n* [PCSClite](https://pcsclite.apdu.fr/)\n* [USB PC/SC CCID driver](https://ccid.apdu.fr/)\n\nBelow you can find distribution-specific installation instructions.\n\n#### Debian\n```sh\nsudo apt install cryptsetup pv # Mandatory\nsudo apt install dialog # Interactive Mode (optional)\nsudo apt install libfido2-1 # FIDO2 (optional)\nsudo apt install opensc-pkcs11 pcscd libccid # PKCS#11 (optional)\nsudo apt install libtss2-esys-3.0.2-0 libtss2-rc0 # TPM2 (optional)\n```\n\n### Mandatory\n```\n Packages: Cryptsetup, PipeViewer\n Debian: \u003e sudo apt install cryptsetup pv\n```\n\n### Interactive Mode (optional)\nIn case you run this script interactively your terminal window must have a size of \u003c100x30\u003e or bigger.\n\n````\n Packages: Dialog\n Debian: \u003e sudo apt install dialog\n````\n\n### FIDO2/PKCS#11/TMP2 Security Token/Chip (optional)\nPlease make sure that your OS is shipped with \u003csystemd\u003e version '251.3-1' or\nhigher. To check your current systemd version simply run\n \u003e systemctl --version\n\n#### FIDO2\nYour token must support the \"HMAC Secret Extension (hmac-secret)\". \nAdditionally, the following packages must be installed: \n\n````\n Packages: libfido2.so.1\n Debian: \u003e sudo apt install libfido2-1\n````\n\n#### PKCS#11\nYour token must be initialized and contain a valid public/private key pair. \nAdditionally, the following packages must be installed: \n\n````\n Packages: OpenSC (PKCS#11 module), PCSClite, USB PC/SC CCID driver\n Debian: \u003e sudo apt install opensc-pkcs11 pcscd libccid\n````\n\nSee also: https://github.com/shimunn/fido2luks/tree/master#theory-of-operation\n\n#### TPM2\n````\n Packages: TPM2 Software stack library - TSS and TCTI libraries\n Debian: \u003e sudo apt install libtss2-esys-3.0.2-0 libtss2-rc0\n````\n\nSee also: https://manpages.debian.org/experimental/systemd/systemd-cryptenroll.1.en.html\n\n### Installation\n\n1. Clone the repo\n\t```sh\n git clone --recurse-submodules https://github.com/fkemser/LUKSwrapper.git\n ```\n2. Edit the repository configuration file. In case it is empty just keep it as it is, **do not delete it**.\n\t```sh\n nano ./LUKSwrapper/etc/luks.cfg.sh\n ```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- USAGE --\u003e\n## Usage (/src/luks.sh)\n\nTo call the script **interactively**, run `./LUKSwrapper/src/luks.sh` (without further arguments) from your terminal.\n\nFor **script mode** run `./LUKSwrapper/src/luks.sh` followed by a list of arguments `--arg1 [\u003cval1\u003e] --arg2 [\u003cval2\u003e] ...`, see also [help](#help-script-mode) section below.\n\n### Examples (Script Mode)\n#### Encrypt device\n```sh\n./LUKSwrapper/src/luks.sh --show-drives\n./LUKSwrapper/src/luks.sh --cipher aes-xts-plain64 --hash sha256 --iter-time 2000 --key-size 512 --filesystem ext4 --encrypt /dev/sdz\n```\n\n#### Open and close device\n```sh\n./LUKSwrapper/src/luks.sh --show-drives\n./LUKSwrapper/src/luks.sh --mapper mymapper --filesystem auto --open /dev/sdz\n./LUKSwrapper/src/luks.sh --close /dev/sdz\n```\n\n#### Enroll FIDO2 token\n```sh\n./LUKSwrapper/src/luks.sh --auth fido2 --fido2-device auto --enroll /dev/sdz\n./LUKSwrapper/src/luks.sh --auth fido2 --fido2-device auto --mapper mymapper --open /dev/sdz\n./LUKSwrapper/src/luks.sh --close /dev/sdz\n```\n\n#### Backup and recover header\n```sh\n./LUKSwrapper/src/luks.sh --header-info /dev/sdz\n./LUKSwrapper/src/luks.sh --header-backup /dev/sdz /tmp/luks.header\n./LUKSwrapper/src/luks.sh --header-restore /tmp/luks.header /dev/sdz\n```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n### Help (Script Mode)\nTo get help, run `./LUKSwrapper/src/luks.sh -h`. \n\n```sh\n================================================================================\n=============================== SYNOPSIS ===============================\n================================================================================\n\nThere are multiple ways to run this script:\n\nInteractive mode (without any args):\n\u003e ./luks.sh\n\nClassic (script) mode:\n\u003e ./luks.sh [ OPTION ]... ACTION [\u003cdevice\u003e]\n\nACTION := { -h|--help | --benchmark | --clone \u003csrc dev\u003e \u003cdst dev\u003e | --close \u003cdevice\u003e | --encrypt \u003cdevice\u003e | --enroll \u003cdevice\u003e | --header-backup \u003cdevice\u003e \u003cfile\u003e | --header-info \u003cdevice\u003e | --header-restore \u003cfile\u003e \u003cdevice\u003e | --is-luks-device \u003cdevice\u003e | --list-token \u003ctype\u003e | --open \u003cdevice\u003e | --remove \u003cdevice\u003e | --replace \u003cdevice\u003e | --show-drives }\n\nOPTION := { [--auth \u003ctype\u003e] | [-c|--cipher \u003ccipher\u003e] | [--fido2-device \u003cdev\u003e] | [--filesystem \u003cfs\u003e] | [--hash \u003calgorithm\u003e] | [-i|--iter-time \u003ct\u003e] | [-s|--key-size \u003cbits\u003e] | [--mapper \u003cname\u003e] | [--mount \u003cmountpoint\u003e] | [--no-pin] | [--pkcs11-token-uri \u003curi\u003e] | [--tpm2-device \u003cdev\u003e] | [--tpm2-pcrs \u003cpcrs\u003e] }\n\n[\u003cdevice\u003e] : Block device to use, e.g. '/dev/sda'\n\n--------------------------------------------------------------------------------\n-------------------------------- ACTION --------------------------------\n--------------------------------------------------------------------------------\n\n-h|--help Show this help message \n\n--submenu \u003cmenu\u003e Run a certain submenu interactively and \n exit \n \n \u003cmenu\u003e = { show-drives | benchmark | \n encrypt | open | close | enroll | remove | \n replace | header-backup | header-restore | \n header-info | clone } \n\n--benchmark Run a benchmark \n\n--clone \u003csrc dev\u003e \u003cdst dev\u003e Clone \u003csrc dev\u003e to \u003cdst dev\u003e \n\n--close \u003cdevice\u003e Close and unmount \u003cdevice\u003e \n\n--encrypt \u003cdevice\u003e Encrypt \u003cdevice\u003e \n\n--enroll \u003cdevice\u003e Enroll a passphrase or a security token \n (FIDO2/PKCS#11/TPM2) to \u003cdevice\u003e's LUKS \n header. Use it with '--auth \u003ctype\u003e' to set \n the authentication method to use. \n\n--header-backup \u003cdevice\u003e \u003cfile\u003e Backup \u003cdevice\u003e's LUKS header to \u003cfile\u003e (4)\n\n--header-info \u003cdevice\u003e Show information about \u003cdevice\u003e's LUKS \n header \n\n--header-restore \u003cfile\u003e \u003cdevice\u003e Restore \u003cdevice\u003e's LUKS header from \u003cfile\u003e \n\n--is-luks-device \u003cdevice\u003e Check whether \u003cdevice\u003e is a LUKS device. \n Return value: 0 = yes, 1 = no. \n\n--list-token \u003ctype\u003e List connected tokens of a certain type \n \n fido2 : FIDO2 Security Token \n pkcs11 : PKCS#11 Smartcards and \n Security Token \n tpm2 : Trusted Platform Module 2 \n (TPM2) \n\n--open \u003cdevice\u003e Open \u003cdevice\u003e and mount it. Use it with \n '--auth \u003ctype\u003e' to set the authentication \n method to use. \n\n--remove \u003cdevice\u003e Either remove a passphrase from \u003cdevice\u003e's \n LUKS header or wipe an entire token slot \n (3) \n\n--replace \u003cdevice\u003e Only with '--auth \u003cfido2|pkcs11|tpm2\u003e'. \n Replace an entire token slot by all \n (currently connected) security token \n\n--show-drives Show available drives \n\n--------------------------------------------------------------------------------\n-------------------------------- OPTION --------------------------------\n--------------------------------------------------------------------------------\n\n____________ ACTION := { --enroll | --open | --remove | --replace } ____________\n\n--auth \u003ctype\u003e Specify authentication method to use for accessing LUKS \n encryption key \n \n passphrase : Passphrase \n recovery : Recovery Key \n (automatically \n generated). Only if \n ACTION := { --enroll | \n --remove | --replace }. \n Mostly identical to \n 'passphrase', but this \n option randomly \n generates a passphrase \n which can be optionally \n scanned off screen via a \n QR code. \n fido2 : FIDO2 Security Token \n pkcs11 : PKCS#11 Smartcards and \n Security Token \n tpm2 : Trusted Platform Module \n 2 (TPM2) \n \n (default: 'passphrase') \n\n_________________ ACTION := { --enroll | --open | --replace } __________________\n\n--fido2-device \u003cdev\u003e Only with '--auth fido2'. Specify FIDO2 (hidraw) \n device to use, possible values are: \n \n auto : Automatically (exactly one (1) \n token, no other token must be \n connected) \n ... : Manually, by specifying its \n devnode name (\u003cdev\u003e = \n /dev/hidraw...). To list all \n currently connected hidraw \n devices, just run './luks.sh \n --list-token fido2'. \n \n (default: 'auto') \n\n--pkcs11-token-uri \u003curi\u003e Only with '--auth pkcs11'. Specify PKCS#11 URI of \n the token object to use, possible values are: \n \n auto : Automatically (exactly one (1) \n token, no other token must be \n connected) \n ... : Manually, by specifying the \n URI (\u003curi\u003e = pkcs11:...). To \n list all currently discovered \n PKCS#11 token, just run \n './luks.sh --list-token \n pkcs11'. \n \n (default: 'auto') \n\n--tpm2-device \u003cdev\u003e Only with '--auth tpm2'. Specify TPM2 security \n chip (device) to use, possible values are: \n \n auto : Automatically (there must be \n exactly one (1) chip existing) \n ... : Manually, by specifying its \n devnode name (\u003cdev\u003e = \n /dev/tpmrm...). To list all \n currently discovered TPM2 \n chips, just run './luks.sh \n --list-token tpm2'. \n \n (default: 'auto') \n\n______________________ ACTION := { --enroll | --replace } ______________________\n\n--no-pin Only with '--auth \u003cfido2|tpm2\u003e'. Disable any PIN request \n during unlock. Not recommended. \n\n--tpm2-pcrs \u003cpcrs\u003e Only with '--auth tpm2'. Specify one or more TPM2 PCRs \n (Platform Configuration Registers) to bind the requested \n enrollment to. \u003cpcrs\u003e must be a '+' separated list of \n PCR indexes in the range of 0...23. For more information \n please have a look at 'man systemd-cryptenroll', section \n '--tpm2-pcrs= [PCR...]'. \n \n (default: '7') \n\n_______________________ ACTION := { --encrypt | --open } _______________________\n\n--filesystem \u003cfs\u003e Filesystem to use for mounting or formatting \n \n (default '--encrypt \u003cdevice\u003e': ext4) \n (default '--open \u003cdevice\u003e': auto) \n\n--mapper \u003cname\u003e Map open LUKS device to '/dev/mapper/\u003cname\u003e' \n \n (default: '\u003cdevice\u003e_crypt', e.g. 'sdz_crypt') \n\n_____________________________ ACTION := --encrypt ______________________________\n\n-c|--cipher \u003ccipher\u003e Specify cipher (1). Run 'cat /proc/crypto', \n 'cryptsetup benchmark' to get a list of available \n ciphers. \n \n (default: 'aes-xts-plain64') \n\n--hash \u003calgorithm\u003e Specify the passphrase hash (1). Run 'cryptsetup \n benchmark' to get a list of available algorithms. \n \n (default: 'sha256') \n\n-i|--iter-time \u003ct\u003e Specify number of milliseconds to spend with PBKDF2 \n passphrase processing \n \n (default: '2000') \n\n-s|--key-size \u003cbits\u003e Specify key size in bits (1) (2) \n \n (default: '512') \n\n_______________________________ ACTION := --open _______________________________\n\n--mount \u003cmountpoint\u003e Specify mount point. Leave \u003cmountpoint\u003e empty (\"\") to \n prevent mounting. \n \n (default: '/mnt/mapper/(--mapper \u003cname\u003e)') \n\n================================================================================\n================================ NOTES =================================\n================================================================================\n\n_____________________________________ (1) ______________________________________\n\nRun 'cryptsetup --help' to show the defaults.\n\n_____________________________________ (2) ______________________________________\n\nImportant if you use a cipher with XTS operation mode:\nXTS splits the supplied key in half, e.g. for AES-256 with\nXTS mode you need a key size of 512 bits.\n\n_____________________________________ (3) ______________________________________\n\nUse '--auth \u003ctype\u003e' to define the authentication method that\nshould be removed from the LUKS header. If \u003ctype\u003e is ...\n\n 'passphrase' : Only the passphrase entered during prompt\n will be removed from LUKS header\n\n 'fido2'|'pkcs11' : ALL tokens of this type\n 'recovery'|'tpm2' will be removed from LUKS header\n\n_____________________________________ (4) ______________________________________\n\nIT IS HIGHLY RECOMMENDED TO STORE YOUR HEADER BACKUP ON A SEPARATE EXTERNAL\nFLASH DRIVE. In case you delete passphrases/tokens from your header you must\nalso update your header backup files. Otherwise one could restore your old\nheader and use deprecated passphrases/tokens.\n```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- ROADMAP --\u003e\n## Roadmap\n\nSee the [open issues](https://github.com/fkemser/LUKSwrapper/issues) for a full list of proposed features (and known issues).\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- CONTRIBUTING --\u003e\n## Contributing\n\nContributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.\n\nIf you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag \"enhancement\".\nDon't forget to give the project a star! Thanks again!\n\n1. Fork the Project\n2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)\n3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)\n4. Push to the Branch (`git push origin feature/AmazingFeature`)\n5. Open a Pull Request\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- LICENSE --\u003e\n## License\n\nDistributed under the **GNU General Public License v3.0 (or later)**. See [`LICENSE`][license-url] for more information.\n\n\u003e :warning: The license above does not apply to the files and folders within the library directory `/lib`. Please have a look at the `LICENSE` file located in the root directory of each library to get more information.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- CONTACT --\u003e\n## Contact\n\nProject Link: [https://github.com/fkemser/LUKSwrapper](https://github.com/fkemser/LUKSwrapper)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- ACKNOWLEDGMENTS --\u003e\n## Acknowledgments\n###\n* [othneildrew/Best-README-Template](https://github.com/othneildrew/Best-README-Template)\n* [Ileriayo/markdown-badges](https://github.com/Ileriayo/markdown-badges)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\n\n\u003c!-- MARKDOWN LINKS \u0026 IMAGES --\u003e\n\u003c!-- https://www.markdownguide.org/basic-syntax/#reference-style-links --\u003e\n[contributors-shield]: https://img.shields.io/github/contributors/fkemser/LUKSwrapper.svg?style=for-the-badge\n[contributors-url]: https://github.com/fkemser/LUKSwrapper/graphs/contributors\n[forks-shield]: https://img.shields.io/github/forks/fkemser/LUKSwrapper.svg?style=for-the-badge\n[forks-url]: https://github.com/fkemser/LUKSwrapper/network/members\n[stars-shield]: https://img.shields.io/github/stars/fkemser/LUKSwrapper.svg?style=for-the-badge\n[stars-url]: https://github.com/fkemser/LUKSwrapper/stargazers\n[issues-shield]: https://img.shields.io/github/issues/fkemser/LUKSwrapper.svg?style=for-the-badge\n[issues-url]: https://github.com/fkemser/LUKSwrapper/issues\n[license-shield]: https://img.shields.io/github/license/fkemser/LUKSwrapper.svg?style=for-the-badge\n[license-url]: https://github.com/fkemser/LUKSwrapper/blob/master/LICENSE\n[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=for-the-badge\u0026logo=linkedin\u0026colorB=555\n[linkedin-url]: https://linkedin.com/in/linkedin_username\n\n[screenshot1]: res/screenshot1.png\n\n[LaTeX-shield]: https://img.shields.io/badge/latex-%23008080.svg?style=for-the-badge\u0026logo=latex\u0026logoColor=white\n[LaTeX-url]: https://www.latex-project.org/\n[Shell Script-shield]: https://img.shields.io/badge/shell_script-%23121011.svg?style=for-the-badge\u0026logo=gnu-bash\u0026logoColor=white\n[Shell Script-url]: https://pubs.opengroup.org/onlinepubs/9699919799/","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffkemser%2FLUKSwrapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffkemser%2FLUKSwrapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffkemser%2FLUKSwrapper/lists"}