Query: pmt-ehd
OS: suse
Section: 8
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
pmt-ehd(8) pam_mount pmt-ehd(8) Name pmt-ehd - create an encrypted disk image Syntax pmt-ehd [-DFx] [-c fscipher] [-h digest] [-i cipher] [-k fscipher_keybits] [-t fstype] -f container_path -p fskey_path -s size_in_mb Options Mandatory options that are absent are inquired interactively, and pmt-ehd will exit if stdin is not a terminal. -D Turn on debugging strings. -F Force operation that would otherwise ask for interactive confirmation. Multiple -F can be specified to apply more force. -c cipher The cipher to be used for the filesystem. This can take any value that cryptsetup(8) recognizes, usually in the form of "cipher- mode[-extras]". Recommended are aes-cbc-essiv:sha256 (this is the default) or blowfish-cbc-essiv:sha256. -f path Store the new disk image at path. If the file already exists, pmt-ehd will prompt before overwriting unless -F is given. If path refers to a symlink, pmt-ehd will act even more cautious. -h digest Digest used for fskey derivation from the password. This can take any value that OpenSSL recognizes. The default is sha1. -i cipher Cipher used for the filesystem key (not the encrypted filesystem itself). This can take any value that OpenSSL recognizes, usually in the form of "cipher-keysize-mode". Recommended is aes-256-cbc (this is the default). -k keybits The keysize for the cipher specified with -c. Some ciphers support multiple keysizes, AES for example is available with at least the keysizes 192 and 256. Example: -c aes-cbc-essiv:sha256 -k 192. The default is 256. -p path Store the filesystem key at path. The filesystem key is the ultimate key to open the encrypted filesystem, and the fs key itself is encrypted with your password. -s size The initial size of the encrypted filesystem, in megabytes. This option is ignored when the filesystem is created on a block device. -t fstype Filesystem to use for the encrypted filesystem. Defaults to xfs. -u user Give the container and fskey files to user (because the program is usually runs as root, and the files would otherwise retain root ownership). -x Do not initialize the container with random bytes. This may impact secrecy. Description pmt-ehd can be used to create a new encrypted container, and replaces the previous mkehd script as well as any HOWTOs that explain how to do it manually. Without any arguments, pmt-ehd will interactively ask for all missing parameters. To create a container with a size of 256 MB, use: pmt-ehd -f /home/user.key -p /home/user.enc -s 256 pam_mount 2008-09-16 pmt-ehd(8)