DESCRIPTION

Tool to convert block devices to LUKS-encrypted block devices on the fly

SYNOPSIS

luksipc

(-d, --device=,RAWDEV/) (--readdev=,DEV/) (-b, --blocksize=,BYTES/) (-c, --backupfile=,FILE/) (-k, --keyfile=,FILE/) (-p, --luksparam=,PARAMS/) (-l, --loglevel=,LVL/) (--resume) (--resume-file=,FILE/) (--no-seatbelt) (--i-know-what-im-doing) (-h, --help)

-d, --device=,RAWDEV/

Raw device that is about to be converted to LUKS. This is the device that luksFormat will be called on to create the new LUKS container. Mandatory argument.

--readdev=,DEV/

The device that the unencrypted data should be read from. This is only different from the raw device if the volume is already LUKS (or another container) and you want to reLUKSify it.

-b, --blocksize=,BYTES/

Specify block size for copying in bytes. Default (and minimum) size is 10 MiB (10485760 bytes). This value is rounded up to closest 4096-byte value automatically. It must be at least size of LUKS header (usually 2048 kiB, but may vary).

-c, --backupfile=,FILE/

Specify the file in which a header backup will be written. Essentially the header backup is a dump of the first 128 MiB of the raw device. By default this will be written to a file named backup.bin.

-k, --keyfile=,FILE/

Filename for the initial keyfile. A 4096 bytes long file will be generated under this location which has ,/dev/urandom/ as the input. It will be added as the first keyslot in the luksFormat process. If you put this file on a volatile device such as ,/dev/shm/, remember that all your data is garbage after a reboot if you forget to add a second key to the LUKS keyring. The default filename is ,/root/initial_keyfile.bin/. This file will always be created with 0o600 permissions.

-p, --luksparam=,PARAMS/

Pass these additional options to luksFormat, for example to select a different cipher. Parameters have to be passed comma-separated.

-l, --loglevel=,LVL/

Integer value that specifies the level of logging verbosity from 0 to 4 (critical, error, warn, info, debug). Default loglevel is 3 (info).

--resume

Resume a interrupted conversion with the help of a resume file. This file is generated when luksipc aborts, is by default called resume.bin (this can be changed by --resumefile).

--resume-file=,FILE/

Change the file name from which the resume information is read (when resuming a previously aborted conversion) and to which resume information is written (in the case of an abort). By default this will be resume.bin.

--no-seatbelt

Disable several safetly checks which are in place to keep you from losing data. You really need to know what you're doing if you use this.

--i-know-what-im-doing Enable batch mode (will not ask any questions or

confirmations interactively). Please note that you will have to perform any and all sanity checks by yourself if you use this option in order to avoid losing data.

-h, --help

Show this help screen.