cryptsetup-fvault2Dump - dump the header information of a FVAULT2 (FileVault2 compatible) device
NAME SYNOPSIS DESCRIPTION OPTIONS REPORTING BUGS SEE ALSO CRYPTSETUPNAME
cryptsetup-fvault2Dump − dump the header information of a FVAULT2 (FileVault2 compatible) device
SYNOPSIS
cryptsetup fvault2Dump [<options>] <device>
DESCRIPTION
Dump the header information of a FVAULT2 (FileVault2 compatible) device.
If the −−dump−volume−key option is used, the FVAULT2 device volume key is dumped instead of header information. You have to provide a password or keyfile to dump the volume key.
Beware that the volume key can be used to decrypt the data stored in the container without a passphrase. This means that if the volume key is compromised, the whole device has to be erased to prevent further access. Use this option carefully.
<options> can be [−−dump−volume−key, −−volume−key−file, −−key−file, −−keyfile−offset, −−keyfile−size, −−timeout].
OPTIONS
−−batch−mode, −q
Suppresses all confirmation questions. Use with care!
If the −−verify−passphrase option is not specified, this option also switches off the passphrase verification.
−−debug or −−debug−json
Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by #.
If −−debug−json is used, additional LUKS2 JSON data structures are printed.
−−dump−volume−key, −−dump−master−key (OBSOLETE alias)
Print the volume key in the displayed information. Use with care, as the volume key can be used to bypass the passphrases, see also option −−volume−key−file.
−−help, −?
Show help text and default parameters.
−−key−file, −d file
Read the passphrase from the file.
If the name given is "−", then the passphrase will be read from stdin. In this case, reading will not stop at newline characters.
See section NOTES ON PASSPHRASE PROCESSING in cryptsetup(8) for more information.
−−keyfile−offset value
Skip value bytes at the beginning of the key file.
−−keyfile−size, −l value
Read a maximum of value bytes from the key file. The default is to read the whole file up to the compiled−in maximum that can be queried with −−help. Supplying more data than the compiled−in maximum aborts the operation.
This option is useful to cut trailing newlines, for example. If −−keyfile−offset is also given, the size count starts after the offset.
−−timeout, −t seconds
The number of seconds to wait before a timeout on passphrase input via terminal. It is relevant every time a passphrase is asked. It has no effect if used in conjunction with −−key−file.
This option is useful when the system should not stall if the user does not input a passphrase, e.g., during boot. The default is a value of 0 seconds, which means to wait forever.
−−usage
Show short option help.
−−version, −V
Show the program version.
−−volume−key−file file, −−master−key−file file (OBSOLETE alias)
Use a volume key stored in a file.
The volume key is stored in a file instead of being printed out to standard output.
REPORTING BUGS
Report bugs at cryptsetup mailing list <[email protected]> or in Issues project section <https://gitlab.com/cryptsetup/cryptsetup/−/issues/new>.
Please attach the output of the failed command with −−debug option added.
SEE ALSO
Cryptsetup FAQ <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
cryptsetup(8), integritysetup(8) and veritysetup(8)
CRYPTSETUP
Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.