Poster of Linux kernelThe best gift for a Linux geek


Section: pam_mount (8) Updated: 2008-09-16
Local index Up


pmt-ehd - create an encrypted disk image  


pmt-ehd [-DFx] [-c fscipher] [-h digest] [-i cipher] [-k fscipher_keybits] [-t fstype] -f container_path -p fskey_path -s size_in_mb  


Mandatory options that are absent are inquired interactively, and pmt-ehd will exit if stdin is not a terminal.

Turn on debugging strings.
Force operation that would otherwise ask for interactive confirmation. Multiple -F can be specified to apply more force.
-c cipher
The cipher to be used for the filesystem. This can take any value that cryptsetup(8) recognizes, usually in the form of "cipher-mode[-extras]". Recommended are aes-cbc-essiv:sha256 (this is the default) or blowfish-cbc-essiv:sha256.
-f path
Store the new disk image at path. If the file already exists, pmt-ehd will prompt before overwriting unless -F is given. If path refers to a symlink, pmt-ehd will act even more cautious.
-h digest
Digest used for fskey derivation from the password. This can take any value that OpenSSL recognizes. The default is sha1.
-i cipher
Cipher used for the filesystem key (not the encrypted filesystem itself). This can take any value that OpenSSL recognizes, usually in the form of "cipher-keysize-mode". Recommended is aes-256-cbc (this is the default).
-k keybits
The keysize for the cipher specified with -c. Some ciphers support multiple keysizes, AES for example is available with at least the keysizes 192 and 256. Example: -c aes-cbc-essiv:sha256 -k 192.
-p path
Store the filesystem key at path. The filesystem key is the ultimate key to open the encrypted filesystem, and the fs key itself is encrypted with your password.
-s size
The initial size of the encrypted filesystem, in megabytes. This option is ignored when the filesystem is created on a block device.
-t fstype
Filesystem to use for the encrypted filesystem. Defaults to xfs.
-u user
Give the container and fskey files to user (because the program is usually runs as root, and the files would otherwise retain root ownership).
Do not initialize the container with random bytes. This may impact secrecy.


pmt-ehd can be used to create a new encrypted container, and replaces the previous mkehd script as well as any HOWTOs that explain how to do it manually. Without any arguments, pmt-ehd will interactively ask for all missing parameters. To create a container with a size of 256 MB, use:

pmt-ehd -f /home/user.key -p /home/user.enc -s 256




This document was created by man2html, using the manual pages.
Time: 22:02:10 GMT, April 16, 2011