cryptsetup

• Manages encrypted device mappings on a basic level.

• Basic commands: create, remove, reload, resize, status

• Passphrase can be read from stdin or a file.

• Actual key is usually obtained by hashing the passphrase.

• Master key generated from passphrase directly. No simple way to change encryption key of the device afterwards.

• No way to detect if the passphrase entered is correct. Mount usually simply fails because it looks like noise.

• Key size, cipher, passphrase hashing and device offsets can be selected using parameters.