aliases: ["dm-crypt"]
obj: filesystem
a transparent disk encryption subsystem in the [Linux](../Linux.md) kernel. It is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software [RAID](RAID.md) volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or as an [LVM](LVM.md) physical volume

## Usage
Initialize device:
cryptsetup luksFormat device

Open device:
cryptsetup open device dmname
Device will be mapped in `/dev/mapper/dmname`

Close device:
cryptsetup close dmname 

Show device info:
cryptsetup luksDump device

Resize device:
cryptsetup resize device

## Crypttab
Define crypto targets in `/etc/crypttab`
name   underlying device   passphrase              cryptsetup options
backup /dev/sdb1           /key/backup.key

After devices are unlocked they can be mounted using fstab.