-
Notifications
You must be signed in to change notification settings - Fork 15
Expand file tree
/
Copy pathdektool.8
More file actions
29 lines (29 loc) · 1.07 KB
/
dektool.8
File metadata and controls
29 lines (29 loc) · 1.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
.TH dektool 8
'''
.SH NAME
\fBdektool\fR \- disk encryption keys manipulation tool
'''
.SH SYNOPSIS
.IP "\fBdektool create\fR \fIkeyfile\fR [\fIn\fR]" 4
Create \fIkeyfile\fR with \fIn\fR keys.
.IP "\fBdektool crover\fR \fIkeyfile\fR [\fIn\fR]" 4
Same, overwriting \fIkeyfile\fR if necessary.
.IP "\fBdektool add\fR \fIkeyfile\fR [\fIn\fR]" 4
Add \fIn\fR keys to \fIkeyfile\fR.
.IP "\fBdektool test\fR \fIkeyfile\fR" 4
Try unwrapping \fIkeyfile\fR to test passphrase.
.IP "\fBdektool repass\fR \fIkeyfile\fR" 4
Change passphrase.
'''
.SH DESCRIPTION
The tool works with AES-wrapped keyfiles containing one or more keys
indended for disk encryption. The key material in the file is encrypted
with a passphrase-derived key. To apply any changes, the existing data in
the file must be decrypted first, and then the updated data must be encrypted
again. The tool never leaves the file unencrypted.
.P
The keys are 32-byte (256-bit) chunks of random data from /dev/urandom.
There should be one key for each partition being encrypted.
'''
.SH SEE ALSO
\fBdmcrypt\fR(8), NIST AES Key Wrap Specification.