Imported Upstream version 2.6.1upstream/2.6.1upstream

39 files changed, 4148 insertions, 2579 deletions

diff --git a/man/Makemodule.am b/man/Makemodule.am
index 3f68441..41e21da 100644
--- a/man/Makemodule.am
+++ b/man/Makemodule.am
@@ -1,15 +1,145 @@
-EXTRA_DIST += man/cryptsetup.8 man/integritysetup.8 man/veritysetup.8 man/cryptsetup-reencrypt.8
+ADOCFILES_COMMON = \
+	man/common_options.adoc \
+	man/common_footer.adoc
 
-man8_MANS += man/cryptsetup.8
+ADOCFILES = $(ADOCFILES_COMMON) \
+	man/cryptsetup.8.adoc \
+	man/cryptsetup-open.8.adoc \
+	man/cryptsetup-close.8.adoc \
+	man/cryptsetup-reencrypt.8.adoc \
+	man/cryptsetup-status.8.adoc \
+	man/cryptsetup-resize.8.adoc \
+	man/cryptsetup-refresh.8.adoc \
+	man/cryptsetup-luksFormat.8.adoc \
+	man/cryptsetup-luksSuspend.8.adoc \
+	man/cryptsetup-luksResume.8.adoc \
+	man/cryptsetup-luksAddKey.8.adoc \
+	man/cryptsetup-luksRemoveKey.8.adoc \
+	man/cryptsetup-luksConvertKey.8.adoc \
+	man/cryptsetup-luksKillSlot.8.adoc \
+	man/cryptsetup-luksChangeKey.8.adoc \
+	man/cryptsetup-erase.8.adoc \
+	man/cryptsetup-luksUUID.8.adoc \
+	man/cryptsetup-isLuks.8.adoc \
+	man/cryptsetup-luksDump.8.adoc \
+	man/cryptsetup-luksHeaderBackup.8.adoc \
+	man/cryptsetup-luksHeaderRestore.8.adoc \
+	man/cryptsetup-token.8.adoc \
+	man/cryptsetup-convert.8.adoc \
+	man/cryptsetup-config.8.adoc \
+	man/cryptsetup-tcryptDump.8.adoc \
+	man/cryptsetup-bitlkDump.8.adoc \
+	man/cryptsetup-fvault2Dump.8.adoc \
+	man/cryptsetup-repair.8.adoc \
+	man/cryptsetup-benchmark.8.adoc \
+	man/cryptsetup-ssh.8.adoc \
+	man/veritysetup.8.adoc \
+	man/integritysetup.8.adoc
 
+dist_noinst_DATA += $(ADOCFILES)
+
+CRYPTSETUP_MANPAGES = \
+	man/cryptsetup.8 \
+	man/cryptsetup-open.8 \
+	man/cryptsetup-close.8 \
+	man/cryptsetup-reencrypt.8 \
+	man/cryptsetup-status.8 \
+	man/cryptsetup-resize.8 \
+	man/cryptsetup-refresh.8 \
+	man/cryptsetup-luksFormat.8 \
+	man/cryptsetup-luksSuspend.8 \
+	man/cryptsetup-luksResume.8 \
+	man/cryptsetup-luksAddKey.8 \
+	man/cryptsetup-luksRemoveKey.8 \
+	man/cryptsetup-luksConvertKey.8 \
+	man/cryptsetup-luksKillSlot.8 \
+	man/cryptsetup-luksChangeKey.8 \
+	man/cryptsetup-erase.8 \
+	man/cryptsetup-luksUUID.8 \
+	man/cryptsetup-isLuks.8 \
+	man/cryptsetup-luksDump.8 \
+	man/cryptsetup-luksHeaderBackup.8 \
+	man/cryptsetup-luksHeaderRestore.8 \
+	man/cryptsetup-token.8 \
+	man/cryptsetup-convert.8 \
+	man/cryptsetup-config.8 \
+	man/cryptsetup-tcryptDump.8 \
+	man/cryptsetup-bitlkDump.8 \
+	man/cryptsetup-fvault2Dump.8 \
+	man/cryptsetup-repair.8 \
+	man/cryptsetup-benchmark.8
+
+CRYPTSETUP_MANLINKS = \
+	man/cryptsetup-create.8 \
+	man/cryptsetup-plainOpen.8 \
+	man/cryptsetup-luksOpen.8 \
+	man/cryptsetup-loopaesOpen.8 \
+	man/cryptsetup-tcryptOpen.8 \
+	man/cryptsetup-bitlkOpen.8 \
+	man/cryptsetup-fvault2Open.8 \
+	man/cryptsetup-luksErase.8
+
+VERITYSETUP_MANPAGES = man/veritysetup.8
+INTEGRITYSETUP_MANPAGES = man/integritysetup.8
+SSHPLUGIN_MANPAGES = man/cryptsetup-ssh.8
+
+MANPAGES_ALL = \
+	$(CRYPTSETUP_MANPAGES) \
+	$(CRYPTSETUP_MANLINKS) \
+	$(VERITYSETUP_MANPAGES) \
+	$(INTEGRITYSETUP_MANPAGES) \
+	$(SSHPLUGIN_MANPAGES)
+
+MANPAGES =
+MANLINKS =
+
+if CRYPTSETUP
+MANPAGES += $(CRYPTSETUP_MANPAGES)
+MANLINKS += $(CRYPTSETUP_MANLINKS)
+endif
 if VERITYSETUP
-man8_MANS += man/veritysetup.8
+MANPAGES += $(VERITYSETUP_MANPAGES)
+endif
+if INTEGRITYSETUP
+MANPAGES += $(INTEGRITYSETUP_MANPAGES)
 endif
+if SSHPLUGIN_TOKEN
+MANPAGES += $(SSHPLUGIN_MANPAGES)
+endif
+
+if ENABLE_ASCIIDOC
+EXTRA_DIST += $(MANPAGES_ALL)
+man8_MANS += $(MANPAGES) $(MANLINKS)
+
+$(MANPAGES): $(ADOCFILES_COMMON)
+
+SUFFIXES = .8.adoc .8
+.8.adoc.8:
+	$(AM_V_GEN) $(ASCIIDOCTOR) -b manpage \
+		-a 'release-version=$(VERSION)' \
+		--base-dir=$(abs_srcdir) \
+		--destination-dir $(abs_builddir)/man $<
+
+$(MANLINKS): $(MANPAGES)
+gen-man: $(man8_MANS)
 
-if REENCRYPT
-man8_MANS += man/cryptsetup-reencrypt.8
+gen-man-dist:
+	@list=`find -name *.adoc -not -path "*/man/common_*" | sed -e 's/\.adoc//g'`; \
+	missing=`for p in $$list; do test -f $$p || echo $$p; done`; \
+	if test -n "$$missing"; then \
+		$(MAKE) $(AM_MAKEFLAGS) $$missing; \
+	fi;
+
+# !ENABLE_ASCIIDOC
+else
+
+if HAVE_MANPAGES
+EXTRA_DIST += $(MANPAGES_ALL)
+man8_MANS += $(MANPAGES) $(MANLINKS)
 endif
 
-if INTEGRITYSETUP
-man8_MANS += man/integritysetup.8
+gen-man:
+gen-man-dist:
 endif
+
+dist-hook: gen-man-dist
diff --git a/man/common_footer.adoc b/man/common_footer.adoc
new file mode 100644
index 0000000..21302eb
--- /dev/null
+++ b/man/common_footer.adoc
@@ -0,0 +1,17 @@
+
+== REPORTING BUGS
+
+Report bugs at mailto:cryptsetup@lists.linux.dev[*cryptsetup mailing list*]
+or in https://gitlab.com/cryptsetup/cryptsetup/-/issues/new[*Issues project section*].
+
+Please attach output of the failed command with --debug option added.
+
+== SEE ALSO
+
+https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions[*Cryptsetup FAQ*]
+
+*cryptsetup*(8), *integritysetup*(8) and *veritysetup*(8)
+
+== CRYPTSETUP
+
+Part of https://gitlab.com/cryptsetup/cryptsetup/[*cryptsetup project*].
diff --git a/man/common_options.adoc b/man/common_options.adoc
new file mode 100644
index 0000000..56a6e29
--- /dev/null
+++ b/man/common_options.adoc
@@ -0,0 +1,1195 @@
+== OPTIONS
+
+ifdef::ACTION_REENCRYPT[]
+*--block-size* _value_ *(LUKS1 only)*::
+Use re-encryption block size of _value_ in MiB.
++
+Values can be between 1 and 64 MiB.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--use-directio (LUKS1 only)*::
+Use direct-io (O_DIRECT) for all read/write data operations related
+to block device undergoing reencryption.
++
+Useful if direct-io operations perform better than normal buffered
+operations (e.g. in virtual environments).
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--use-fsync (LUKS1 only)*::
+Use fsync call after every written block. This applies for reencryption
+log files as well.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--write-log (LUKS1 only)*::
+Update log file after every block write. This can slow down reencryption
+but will minimize data loss in the case of system crash.
+endif::[]
+
+ifdef::ACTION_ISLUKS[]
+*--verbose, -v*::
+Print more information on command execution.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSKILLSLOT,ACTION_ISLUKS,ACTION_LUKSDUMP,ACTION_LUKSUUID,ACTION_CONVERT,ACTION_REPAIR,ACTION_REENCRYPT[]
+*--type <device-type>*::
+ifndef::ACTION_REENCRYPT[]
+Specifies required device type, for more info read _BASIC ACTIONS_ section in *cryptsetup*(8).
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+Specifies required (encryption mode) or expected (other modes) LUKS format. Accepts only _luks1_ or _luks2_.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_TCRYPTDUMP,ACTION_BENCHMARK,ACTION_REENCRYPT[]
+*--hash, -h* _<hash-spec>_::
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+Specifies the passphrase hash. Applies to _plain_ and _loopaes_ device types only.
++
+For _tcrypt_ device type, it restricts checked PBKDF2 variants when looking for header.
+endif::[]
+ifdef::ACTION_LUKSFORMAT[]
+Specifies the hash used in the LUKS key setup scheme and volume key
+digest.
+endif::[]
+ifndef::ACTION_REENCRYPT,ACTION_OPEN,ACTION_TCRYPTDUMP[]
+The specified hash is used for PBKDF2 and AF splitter.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*LUKS1:*
+Specifies the hash used in the LUKS1 key setup scheme and volume key digest.
++
+*NOTE*: if this parameter is not specified, default hash algorithm is always used
+for new LUKS1 device header.
++
+*LUKS2:* Ignored unless new keyslot pbkdf algorithm is set to PBKDF2 (see --pbkdf).
+endif::[]
++
+ifdef::ACTION_LUKSFORMAT[]
+The hash algorithm must provide at least 160 bits of output.
+Do not use a non-crypto hash like *xxhash* as this breaks security.
+Use _cryptsetup --help_ to show the defaults.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT,ACTION_TCRYPTDUMP,ACTION_BENCHMARK[]
+*--cipher, -c* _<cipher-spec>_::
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+Set the cipher specification string for _plain_ device type.
++
+For _tcrypt_ device type it restricts checked cipher chains when looking for header.
+endif::[]
+ifndef::ACTION_REENCRYPT,ACTION_OPEN,ACTION_TCRYPTDUMP[]
+Set the cipher specification string.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*LUKS2*:
+Set the cipher specification string for data segment only.
++
+*LUKS1*:
+Set the cipher specification string for data segment and keyslots.
++
+*NOTE*: In encrypt mode, if cipher specification is omitted the default cipher is applied.
+In reencrypt mode, if no new cipher specification is requested, the existing cipher will remain
+in use. Unless the existing cipher was "cipher_null". In that case default cipher would
+be applied as in encrypt mode.
+endif::[]
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
++
+_cryptsetup --help_ shows the compiled-in defaults.
++
+If a hash is part of the cipher specification, then it is used as part
+of the IV generation. For example, ESSIV needs a hash function, while
+"plain64" does not and hence none is specified.
++
+For XTS mode you can optionally set a key size of 512 bits with the -s
+option. Key size for XTS mode is twice that for other modes for the same
+security level.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_REPAIR,ACTION_TCRYPTDUMP,ACTION_REENCRYPT[]
+*--verify-passphrase, -y*::
+When interactively asking for a passphrase, ask for it twice and
+complain if both inputs do not match.
+ifdef::ACTION_OPEN[]
+Advised when creating a _plain_ type mapping for the first time.
+endif::[]
+Ignored on input from file or stdin.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_TCRYPTDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
+*--key-file, -d* _name_::
+Read the passphrase from file.
++
+If the name given is "-", then the passphrase will be read from stdin.
+In this case, reading will not stop at newline characters.
++
+ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY[]
+The passphrase supplied via --key-file is always the passphrase for existing
+keyslot requested by the command.
++
+If you want to set a new passphrase via key file, you have to use a
+positional argument or parameter --new-keyfile.
++
+endif::[]
+ifdef::ACTION_OPEN[]
+*NOTE:* With _plain_ device type, the passphrase obtained via --key-file option is
+passed directly in dm-crypt. Unlike the interactive mode (stdin)
+where digest (--hash option) of the passphrase is passed in dm-crypt instead.
++
+endif::[]
+ifndef::ACTION_REENCRYPT[]
+See section _NOTES ON PASSPHRASE PROCESSING_ in *cryptsetup*(8) for more information.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*WARNING:* --key-file option can be used only if there is only one active keyslot,
+or alternatively, also if --key-slot option is specified (then all other keyslots
+will be disabled in new LUKS device).
++
+If this option is not used, cryptsetup will ask for all active keyslot
+passphrases.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
+*--keyfile-offset* _value_::
+Skip _value_ bytes at the beginning of the key file.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
+*--keyfile-size, -l* _value_::
+Read a maximum of _value_ bytes from the key file. The default is to
+read the whole file up to the compiled-in maximum that can be queried
+with --help. Supplying more data than the compiled-in maximum aborts
+the operation.
++
+This option is useful to cut trailing newlines, for example. If
+--keyfile-offset is also given, the size count starts after the offset.
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY[]
+*--new-keyfile* _name_::
+Read the passphrase for a new keyslot from file.
++
+If the name given is "-", then the passphrase will be read from stdin.
+In this case, reading will not stop at newline characters.
++
+This is alternative method to positional argument when adding new
+passphrase via kefile.
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY[]
+*--new-keyfile-offset* _value_::
+Skip _value_ bytes at the start when adding a new passphrase from key
+file.
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY[]
+*--new-keyfile-size* _value_::
+Read a maximum of _value_ bytes when adding a new passphrase from key
+file. The default is to read the whole file up to
+the compiled-in maximum length that can be queried with --help.
+Supplying more than the compiled in maximum aborts the operation. When
+--new-keyfile-offset is also given, reading starts after the offset.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSDUMP,ACTION_BITLKDUMP,ACTION_REENCRYPT[]
+*--volume-key-file, --master-key-file (OBSOLETE alias)*::
+ifndef::ACTION_REENCRYPT[]
+Use a volume key stored in a file.
+endif::[]
+ifdef::ACTION_FORMAT[]
++
+This allows creating a LUKS header with this specific
+volume key. If the volume key was taken from an existing LUKS header and
+all other parameters are the same, then the new header decrypts the data
+encrypted with the header the volume key was taken from. +
+endif::[]
+ifdef::ACTION_LUKSDUMP,ACTION_BITLKDUMP[]
+The volume key is stored in a file instead of being printed out to standard output. +
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+This allows adding a new keyslot without having to know passphrase to existing one.
+It may be also used when no keyslot is active.
++
+endif::[]
+ifdef::ACTION_OPEN[]
+This allows one to open _luks_ and _bitlk_ device types without giving a passphrase. +
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+Use (set) new volume key stored in a file. +
+endif::[]
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_REENCRYPT[]
+*WARNING:* If you create your own volume key, you need to make sure to
+do it right. Otherwise, you can end up with a low-entropy or otherwise
+partially predictable volume key which will compromise security.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSDUMP[]
+*--dump-json-metadata*::
+For _luksDump_ (LUKS2 only) this option prints content of LUKS2 header
+JSON metadata area.
+endif::[]
+
+ifdef::ACTION_LUKSDUMP,ACTION_TCRYPTDUMP,ACTION_BITLKDUMP[]
+*--dump-volume-key, --dump-master-key (OBSOLETE alias)*::
+Print the volume key in the displayed information. Use with care,
+as the volume key can be used to bypass
+the passphrases, see also option --volume-key-file.
+endif::[]
+
+ifdef::ACTION_TOKEN[]
+*--json-file*::
+Read token JSON from a file or write token to it. --json-file=- reads JSON from
+standard input or writes it to standard output respectively.
+endif::[]
+
+ifdef::ACTION_TOKEN[]
+*--token-replace*::
+Replace an existing token when adding or importing a token with the
+--token-id option.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--use-random*::
+*--use-urandom*::
+ifdef::ACTION_REENCRYPT[]
+Define which kernel random number generator will be used to create the volume key.
+endif::[]
+ifndef::ACTION_REENCRYPT[]
+For _luksFormat_ these options define which kernel random number
+generator will be used to create the volume key (which is a long-term
+key).
++
+See *NOTES ON RANDOM NUMBER GENERATORS* in *cryptsetup*(8) for more
+information. Use _cryptsetup --help_ to show the compiled-in default random
+number generator.
++
+*WARNING:* In a low-entropy situation (e.g. in an embedded system) and older
+kernels, both selections are problematic. Using /dev/urandom can lead to weak keys.
+Using /dev/random can block a long time, potentially forever, if not
+enough entropy can be harvested by the kernel.
+endif::[]
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--keep-key*::
+*LUKS2*:
+Do not change effective volume key and change other parameters provided
+it is requested.
++
+*LUKS1*:
+Reencrypt only the LUKS1 header and keyslots. Skips data in-place reencryption.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSDUMP,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_CONFIG,ACTION_TOKEN,ACTION_REPAIR,ACTION_REENCRYPT[]
+*--key-slot, -S <0-N>*::
+ifdef::ACTION_LUKSADDKEY[]
+When used together with parameter --new-key-slot this option allows you to specify which
+key slot is selected for unlocking volume key.
++
+*NOTE:* This option is ignored if existing volume key gets unlocked
+via LUKS2 token (--token-id, --token-type or --token-only parameters) or
+when volume key is provided directly via --volume-key-file parameter.
++
+*NOTE:* To maintain backward compatibility, without --new-key-slot parameter,
+this option allows you to specify which key slot is selected for the new key.
+endif::[]
+ifndef::ACTION_OPEN,ACTION_LUKSADDKEY[]
+For LUKS operations that add key material, this option allows you to
+specify which key slot is selected for the new key.
+endif::[]
+ifdef::ACTION_OPEN[]
+This option selects a specific key-slot to
+compare the passphrase against. If the given passphrase would only
+match a different key-slot, the operation fails.
+endif::[]
++
+ifdef::ACTION_REENCRYPT[]
+For reencryption mode it selects specific keyslot (and passphrase) that can be used to unlock new volume key.
+If used all other keyslots get removed after reencryption operation is finished.
++
+endif::[]
+The maximum number of key slots depends on the LUKS version. LUKS1 can have up
+to 8 key slots. LUKS2 can have up to 32 key slots based on key slot area
+size and key size, but a valid key slot ID can always be between 0 and
+31 for LUKS2.
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY[]
+*--new-key-slot <0-N>*::
+This option allows you to specify which key slot is selected for
+the new key.
++
+*NOTE:* When used this option affects --key-slot option.
++
+The maximum number of key slots depends on the LUKS version. LUKS1 can have up
+to 8 key slots. LUKS2 can have up to 32 key slots based on key slot area
+size and key size, but a valid key slot ID can always be between 0 and
+31 for LUKS2.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT,ACTION_BENCHMARK,ACTION_LUKSADDKEY[]
+*--key-size, -s* _bits_::
+ifndef::ACTION_LUKSADDKEY[]
+Sets key size in _bits_. The argument has to be a multiple of 8. The
+possible key-sizes are limited by the cipher and mode used.
++
+See /proc/crypto for more information. Note that key-size in
+/proc/crypto is stated in bytes.
++
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+Provide volume key size in _bits_. The argument has to be a multiple of 8.
++
+This option is required when parameter --volume-key-file is used to provide
+current volume key. Also, it is used when new unbound keyslot is created by
+specifying --unbound parameter.
+endif::[]
+ifdef::ACTION_OPEN[]
+This option can be used for _plain_ device type only.
+endif::[]
+ifndef::ACTION_REENCRYPT,ACTION_OPEN,ACTION_LUKSADDKEY[]
+This option can be used for _open --type plain_ or _luksFormat_. All
+other LUKS actions will use the key-size specified in the LUKS header.
+Use _cryptsetup --help_ to show the compiled-in defaults.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*LUKS1*:
+If you are increasing key size, there must be enough space in the LUKS header
+for enlarged keyslots (data offset must be large enough) or reencryption
+cannot be performed.
++
+If there is not enough space for keyslots with new key size,
+you can destructively shrink device with --reduce-device-size option.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE[]
+*--size, -b <number of 512 byte sectors>*::
+Set the size of the device in sectors of 512 bytes.
+ifdef::ACTION_OPEN[]
+Usable only with _plain_ device type.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--offset, -o <number of 512 byte sectors>*::
+Start offset in the backend device in 512-byte sectors.
+ifdef::ACTION_OPEN[]
+This option is only relevant with plain or loopaes device types.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+This option is only relevant for the encrypt mode.
+endif::[]
++
+ifndef::ACTION_OPEN[]
+The --offset option sets the data offset (payload) of data
+device and must be aligned to 4096-byte sectors (must be multiple of
+8). This option cannot be combined with --align-payload option.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--skip, -p <number of 512 byte sectors>*::
+Start offset used in IV calculation in 512-byte sectors (how many
+sectors of the encrypted data to skip at the beginning). This option
+is only relevant with plain or loopaes device types.
++
+Hence, if --offset _n_, and --skip _s_, sector _n_ (the first sector of
+the encrypted device) will get a sector number of _s_ for the IV
+calculation.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_REENCRYPT,ACTION_RESIZE[]
+*--device-size* _size[units]_::
+ifndef::ACTION_RESIZE[]
+Instead of real device size, use specified value.
+endif::[]
+ifdef::ACTION_RESIZE[]
+Sets new size of the device. If unset real device size is used.
+endif::[]
+ifdef::ACTION_OPEN[]
+Usable only with _plain_ device type.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+It means that only specified area (from the start of the device
+to the specified size) will be reencrypted.
++
+*WARNING:* This is destructive operation. Data beyond --device-size limit may
+be lost after operation gets finished.
+endif::[]
++
+If no unit suffix is specified, the size is in bytes.
++
+Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
+for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--readonly, -r*::
+set up a read-only mapping.
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--shared*::
+Creates an additional mapping for one common ciphertext device.
+Arbitrary mappings are supported. This option is only relevant for the
+_plain_ device type. Use --offset, --size and --skip to specify
+the mapped area.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT,ACTION_BENCHMARK[]
+*--pbkdf <PBKDF spec>*::
+Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS
+keyslot. The PBKDF can be: _pbkdf2_ (for PBKDF2 according to RFC2898),
+_argon2i_ for Argon2i or _argon2id_ for Argon2id (see
+https://www.cryptolux.org/index.php/Argon2[Argon2] for more info).
++
+For LUKS1, only PBKDF2 is accepted (no need to use this option). The
+default PBKDF for LUKS2 is set during compilation time and is available
+in _cryptsetup --help_ output.
++
+A PBKDF is used for increasing dictionary and brute-force attack cost
+for keyslot passwords. The parameters can be time, memory and parallel
+cost.
++
+For PBKDF2, only time cost (number of iterations) applies. For
+Argon2i/id, there is also memory cost (memory required during the
+process of key derivation) and parallel cost (number of threads that run
+in parallel during the key derivation.
++
+Note that increasing memory cost also increases time, so the final
+parameter values are measured by a benchmark. The benchmark tries to
+find iteration time (_--iter-time_) with required memory cost
+_--pbkdf-memory_. If it is not possible, the memory cost is decreased as
+well. The parallel cost _--pbkdf-parallel_ is constant and is checked
+against available CPU cores.
++
+You can see all PBKDF parameters for particular LUKS2 keyslot with
+*cryptsetup-luksDump*(8) command.
++
+*NOTE:* If you do not want to use benchmark and want to specify all
+parameters directly, use _--pbkdf-force-iterations_ with
+_--pbkdf-memory_ and _--pbkdf-parallel_. This will override the values
+without benchmarking. Note it can cause extremely long unlocking time.
+Use only in specific cases, for example, if you know that the formatted
+device will be used on some small embedded system.
++
+*MINIMAL AND MAXIMAL PBKDF COSTS:* For *PBKDF2*, the minimum iteration
+count is 1000 and maximum is 4294967295 (maximum for 32bit unsigned
+integer). Memory and parallel costs are unused for PBKDF2. For *Argon2i*
+and *Argon2id*, minimum iteration count (CPU cost) is 4 and maximum is
+4294967295 (maximum for 32bit unsigned integer). Minimum memory cost is
+32 KiB and maximum is 4 GiB. (Limited by addressable memory on some CPU
+platforms.) If the memory cost parameter is benchmarked (not specified
+by a parameter) it is always in range from 64 MiB to 1 GiB. The parallel
+cost minimum is 1 and maximum 4 (if enough CPUs cores are available,
+otherwise it is decreased).
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT,ACTION_BENCHMARK[]
+*--iter-time, -i <number of milliseconds>*::
+ifndef::ACTION_REENCRYPT[]
+The number of milliseconds to spend with PBKDF passphrase processing.
+Specifying 0 as parameter selects the compiled-in default.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+The number of milliseconds to spend with PBKDF passphrase processing for the
+new LUKS header.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT,ACTION_BENCHMARK[]
+*--pbkdf-memory <number>*::
+Set the memory cost for PBKDF (for Argon2i/id the number represents
+kilobytes). Note that it is maximal value, PBKDF benchmark or
+available physical memory can decrease it. This option is not
+available for PBKDF2.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT,ACTION_BENCHMARK[]
+*--pbkdf-parallel <number>*::
+Set the parallel cost for PBKDF (number of threads, up to 4). Note
+that it is maximal value, it is decreased automatically if CPU online
+count is lower. This option is not available for PBKDF2.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT[]
+*--pbkdf-force-iterations <num>*::
+Avoid PBKDF benchmark and set time cost (iterations) directly. It can
+be used for LUKS/LUKS2 device only. See _--pbkdf_ option for more
+info.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--progress-frequency* _seconds_::
+ifndef::ACTION_REENCRYPT[]
+Print separate line every _seconds_ with wipe progress.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+Print separate line every _seconds_ with reencryption progress.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--progress-json*::
+Prints progress data in JSON format suitable mostly for machine
+processing. It prints separate line every half second (or based on
+_--progress-frequency_ value). The JSON output looks as follows during
+progress (except it's compact single line):
++
+....
+{
+  "device":"/dev/sda"       // backing device or file
+  "device_bytes":"8192",    // bytes of I/O so far
+  "device_size":"44040192", // total bytes of I/O to go
+  "speed":"126877696",      // calculated speed in bytes per second (based on progress so far)
+  "eta_ms":"2520012"        // estimated time to finish an operation in milliseconds
+  "time_ms":"5561235"       // total time spent in IO operation in milliseconds
+}
+....
++
+Note on numbers in JSON output: Due to JSON parsers limitations all
+numbers are represented in a string format due to need of full 64bit
+unsigned integers.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_LUKSRESUME,ACTION_RESIZE,ACTION_TCRYPTDUMP,ACTION_BITLKDUMP[]
+*--timeout, -t <number of seconds>*::
+The number of seconds to wait before timeout on passphrase input via
+terminal. It is relevant every time a passphrase is asked.
+It has no effect if used in conjunction with --key-file.
++
+This option is useful when the system should not stall if the user
+does not input a passphrase, e.g. during boot. The default is a value
+of 0 seconds, which means to wait forever.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSRESUME,ACTION_REENCRYPT[]
+*--tries, -T*::
+How often the input of the passphrase shall be retried. The default is 3 tries.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--align-payload <number of 512 byte sectors>*::
+Align payload at a boundary of _value_ 512-byte sectors.
++
+If not specified, cryptsetup tries to use the topology info provided by
+the kernel for the underlying device to get the optimal alignment. If
+not available (or the calculated value is a multiple of the default)
+data is by default aligned to a 1MiB boundary (i.e. 2048 512-byte
+sectors).
++
+For a detached LUKS header, this option specifies the offset on the data
+device. See also the --header option.
++
+*WARNING:* This option is DEPRECATED and has often unexpected impact to
+the data offset and keyslot area size (for LUKS2) due to the complex
+rounding. For fixed data device offset use _--offset_ option instead.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSUUID,ACTION_REENCRYPT[]
+*--uuid <UUID>*::
+ifndef::ACTION_REENCRYPT[]
+Use the provided _UUID_ for the _luksFormat_ command instead of
+generating a new one. Changes the existing _UUID_ when used with the
+_luksUUID_ command.
++
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+When used in encryption mode use the provided _UUID_ for the new LUKS header
+instead of generating a new one.
++
+*LUKS1 (only in decryption mode)*:
+To find out what _UUID_ to pass look for temporary files LUKS-_UUID_.[|log|org|new]
+of the interrupted decryption process.
++
+endif::[]
+The _UUID_ must be provided in the standard UUID format, e.g.
+12345678-1234-1234-1234-123456789abc.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_REFRESH[]
+*--allow-discards*::
+Allow the use of discard (TRIM) requests for the device. This is also not
+supported for LUKS2 devices with data integrity protection.
++
+*WARNING:* This command can have a negative security impact because it
+can make filesystem-level operations visible on the physical device. For
+example, information leaking filesystem type, used space, etc. may be
+extractable from the physical device if the discarded blocks can be
+located later. If in doubt, do not use it.
++
+A kernel version of 3.1 or later is needed. For earlier kernels, this
+option is ignored.
+endif::[]
+
+ifdef::ACTION_REFRESH,ACTION_OPEN[]
+*--perf-same_cpu_crypt*::
+Perform encryption using the same cpu that IO was submitted on. The
+default is to use an unbound workqueue so that encryption work is
+automatically balanced between available CPUs.
++
+*NOTE:* This option is available only for low-level dm-crypt performance
+tuning, use only if you need a change to default dm-crypt behaviour.
+Needs kernel 4.0 or later.
+endif::[]
+
+ifdef::ACTION_REFRESH,ACTION_OPEN[]
+*--perf-submit_from_crypt_cpus*::
+Disable offloading writes to a separate thread after encryption. There
+are some situations where offloading write bios from the encryption
+threads to a single thread degrades performance significantly. The
+default is to offload write bios to the same thread.
++
+*NOTE:* This option is available only for low-level dm-crypt performance
+tuning, use only if you need a change to default dm-crypt behaviour.
+Needs kernel 4.0 or later.
+endif::[]
+
+ifdef::ACTION_REFRESH,ACTION_OPEN[]
+*--perf-no_read_workqueue, --perf-no_write_workqueue*::
+Bypass dm-crypt internal workqueue and process read or write requests
+synchronously.
++
+*NOTE:* These options are available only for low-level dm-crypt
+performance tuning, use only if you need a change to default dm-crypt
+behaviour. Needs kernel 5.9 or later.
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--test-passphrase*::
+Do not activate the device, just verify passphrase. The device mapping name is
+not mandatory if this option is used.
+endif::[]
+
+ifndef::ACTION_BENCHMARK,ACTION_BITLKDUMP[]
+*--header <device or file storing the LUKS header>*::
+ifndef::ACTION_OPEN[]
+Use a detached (separated) metadata device or file where the LUKS
+header is stored. This option allows one to store ciphertext and LUKS
+header on different devices.
++
+endif::[]
+ifdef::ACTION_OPEN[]
+Specify detached (separated) metadata device or file where the header is stored.
++
+*WARNING:* There is no check whether the ciphertext device specified
+actually belongs to the header given. In fact, you can specify an
+arbitrary device as the ciphertext device with the --header option.
+Use with care.
+endif::[]
+ifndef::ACTION_REENCRYPT[]
+ifdef::ACTION_LUKSFORMAT[]
+With a file name as the argument to --header, the file
+will be automatically created if it does not exist. See the cryptsetup
+FAQ for header size calculation.
++
+The --align-payload option is taken as absolute sector alignment on ciphertext
+device and can be zero.
+endif::[]
+ifndef::ACTION_LUKSFORMAT,ACTION_OPEN[]
+For commands that change the LUKS header (e.g. _luksAddKey_),
+specify the device or file with the LUKS header directly as the LUKS
+device.
+endif::[]
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+If used with --encrypt/--new option, the header file will be created (or overwritten).
+Use with care.
++
+*LUKS2*:
+For decryption mode the option may be used to export original LUKS2 header
+to a detached file. The passed future file must not exist at the time
+of initializing the decryption operation. This frees space in head of data
+device so that data can be moved at original LUKS2 header location. Later on
+decryption operation continues as if the ordinary detached header was passed.
++
+*WARNING:* Never put exported header file in a filesystem on top of device
+you are about to decrypt! It would cause a deadlock.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSHEADERBACKUP,ACTION_LUKSHEADERRESTORE[]
+*--header-backup-file <file>*::
+Specify file with header backup file.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--force-offline-reencrypt (LUKS2 only)*::
+Bypass active device auto-detection and enforce offline reencryption.
++
+This option is useful especially for reencryption of LUKS2 images put in
+files (auto-detection is not reliable in this scenario).
++
+It may also help in case active device auto-detection on particular
+data device does not work or report errors.
++
+*WARNING:* Use with extreme caution! This may destroy data if the device
+is activated and/or actively used.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT[]
+*--force-password*::
+Do not use password quality checking for new LUKS passwords.
++
+This option is ignored if cryptsetup is built without password
+quality checking support.
++
+For more info about password quality check, see the manual page for
+*pwquality.conf(5)* and *passwdqc.conf(5)*.
+endif::[]
+
+ifdef::ACTION_CLOSE[]
+*--deferred*::
+Defers device removal in _close_ command until the last user closes
+it.
+endif::[]
+
+ifdef::ACTION_CLOSE[]
+*--cancel-deferred*::
+Removes a previously configured deferred device removal in _close_
+command.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSRESUME,ACTION_RESIZE,ACTION_TOKEN[]
+*--disable-external-tokens*::
+Disable loading of plugins for external LUKS2 tokens.
+endif::[]
+
+ifndef::ACTION_BENCHMARK,ACTION_BITLKDUMP,ACTION_TCRYPTDUMP[]
+*--disable-locks*::
+Disable lock protection for metadata on disk. This option is valid
+only for LUKS2 and ignored for other formats.
++
+ifdef::ACTION_REENCRYPT[]
+*NOTE:* With locking disabled LUKS2 images in files can be fully (re)encrypted
+offline without need for super user privileges provided used block ciphers are
+available in crypto backend.
++
+endif::[]
+*WARNING:* Do not use this option unless you run cryptsetup in a
+restricted environment where locking is impossible to perform (where
+/run directory cannot be used).
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_REFRESH,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_REENCRYPT[]
+*--disable-keyring*::
+Do not load volume key in kernel keyring and store it directly in the
+dm-crypt target instead. This option is supported only for the LUKS2 type.
+endif::[]
+
+ifdef::ACTION_TOKEN[]
+*--key-description <text>*::
+Set key description in keyring for use with _token_ command.
+endif::[]
+
+ifdef::ACTION_CONFIG[]
+*--priority <normal|prefer|ignore>*::
+Set a priority for LUKS2 keyslot. The _prefer_ priority marked slots
+are tried before _normal_ priority. The _ignored_ priority means, that
+slot is never used, if not explicitly requested by _--key-slot_
+option.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_LUKSADDKEY[]
+*--token-id*::
+ifndef::ACTION_TOKEN,ACTION_LUKSADDKEY[]
+Specify what token to use and allow token PIN prompt to take precedence over interative
+keyslot passphrase prompt. If omitted, all available tokens (not protected by PIN)
+will be checked before proceeding further with passphrase prompt.
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+Specify what token to use when unlocking existing keyslot to get volume key.
+endif::[]
+ifdef::ACTION_TOKEN[]
+Specify token number. If omitted, first unused token id is used when adding or importing
+new token.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY[]
+*--new-token-id*::
+Specify what token to use to get the passphrase for a new keyslot.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_LUKSADDKEY[]
+*--token-only*::
+ifndef::ACTION_LUKSADDKEY[]
+Do not proceed further with action if token based keyslot unlock failed. Without the
+option, action asks for passphrase to proceed further.
++
+It allows LUKS2 tokens protected by PIN to take precedence over interactive keyslot
+passphrase prompt.
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+Use only LUKS2 tokens to unlock existing volume key.
++
+*NOTE*: To create a new keyslot using passphrase provided by a token use --new-token-id parameter.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_LUKSADDKEY[]
+*--token-type* _type_::
+ifndef::ACTION_LUKSADDKEY[]
+Restrict tokens eligible for operation to specific token _type_.
+Mostly useful when no --token-id is specified.
++
+It allows LUKS2 _type_ tokens protected by PIN to take precedence over interactive keyslot
+passphrase prompt.
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+Specify what token type (all _type_ tokens) to use when unlocking existing keyslot to get volume key.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+ifndef::ACTION_REENCRYPT[]
+*--sector-size* _bytes_::
+endif::[]
+ifndef::ACTION_REENCRYPT[]
+ifdef::ACTION_OPEN[]
+Set encryption sector size for use with _plain_ device type. It must be power of two
+and in range 512 - 4096 bytes. The default mode is 512 bytes.
++
+Note that if sector size is higher than underlying device hardware
+sector, using this option can increase risk on incomplete sector writes during a
+power fail.
+endif::[]
+ifdef::ACTION_LUKSFORMAT[]
+Set sector size for use with disk encryption. It must be power of two
+and in range 512 - 4096 bytes. This option is available only with LUKS2
+format.
++
+For LUKS2 devices it's established based on parameters provided by
+underlying data device. For native 4K block devices it's 4096 bytes.
+For 4K/512e (4K physical sector size with 512 bytes emulation) it's
+4096 bytes. For drives reporting only 512 bytes block size it remains
+512 bytes. If data device is regular file put in filesystem it's 4096
+bytes.
++
+Note that if sector size is higher than underlying device hardware
+sector and there is not integrity protection that uses data journal,
+using this option can increase risk on incomplete sector writes during a
+power fail.
++
+If used together with _--integrity_ option and dm-integrity journal, the
+atomicity of writes is guaranteed in all cases (but it cost write
+performance - data has to be written twice).
+endif::[]
++
+Increasing sector size from 512 bytes to 4096 bytes can provide better
+performance on most of the modern storage devices and also with some hw
+encryption accelerators.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*--sector-size* _bytes_ *(LUKS2 only)*::
+Reencrypt device with new encryption sector size enforced.
++
+*WARNING:* Increasing encryption sector size may break hosted filesystem. Do not
+run reencryption with --force-offline-reencrypt if unsure what block size
+was filesystem formatted with.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--iv-large-sectors*::
+Count Initialization Vector (IV) in larger sector size (if set)
+instead of 512 bytes sectors. This option can be used only with _plain_
+device type.
++
+*NOTE:* This option does not have any performance or security impact,
+use it only for accessing incompatible existing disk images from other
+systems that require this option.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_REFRESH[]
+*--persistent*::
+If used with LUKS2 devices and activation commands like _open_ or
+_refresh_, the specified activation flags are persistently written
+into metadata and used next time automatically even for normal
+activation. (No need to use cryptab or other system configuration
+files.)
++
+If you need to remove a persistent flag, use _--persistent_ without the
+flag you want to remove (e.g. to disable persistently stored discard
+flag, use _--persistent_ without _--allow-discards_).
++
+Only _--allow-discards_, _--perf-same_cpu_crypt_,
+_--perf-submit_from_crypt_cpus_, _--perf-no_read_workqueue_,
+_--perf-no_write_workqueue_ and _--integrity-no-journal_ can be stored
+persistently.
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--refresh*::
+Refreshes an active device with new set of parameters. See
+*cryptsetup-refresh*(8) for more details.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_CONFIG,ACTION_REENCRYPT[]
+*--label <LABEL> --subsystem <SUBSYSTEM>*::
+Set label and subsystem description for LUKS2 device.
+The label and subsystem are optional fields and can be later used
+in udev scripts for triggering user actions once the device marked
+by these labels is detected.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT[]
+*--integrity <integrity algorithm>*::
+Specify integrity algorithm to be used for authenticated disk
+encryption in LUKS2.
++
+*WARNING: This extension is EXPERIMENTAL* and requires dm-integrity
+kernel target (available since kernel version 4.12). For native AEAD
+modes, also enable "User-space interface for AEAD cipher algorithms" in
+"Cryptographic API" section (CONFIG_CRYPTO_USER_API_AEAD .config
+option).
++
+For more info, see _AUTHENTICATED DISK ENCRYPTION_ section in *cryptsetup*(8).
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT[]
+*--integrity-legacy-padding*::
+Use inefficient legacy padding.
++
+*WARNING*: Do not use this option until you need compatibility with specific
+old kernel.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--luks2-metadata-size <size>*::
+This option can be used to enlarge the LUKS2 metadata (JSON) area. The
+size includes 4096 bytes for binary metadata (usable JSON area is
+smaller of the binary area). According to LUKS2 specification, only
+these values are valid: 16, 32, 64, 128, 256, 512, 1024, 2048 and 4096
+kB The <size> can be specified with unit suffix (for example 128k).
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--luks2-keyslots-size <size>*::
+This option can be used to set specific size of the LUKS2 binary
+keyslot area (key material is encrypted there). The value must be
+aligned to multiple of 4096 bytes with maximum size 128MB. The <size>
+can be specified with unit suffix (for example 128k).
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT[]
+*--keyslot-cipher <cipher-spec>*::
+This option can be used to set specific cipher encryption for the
+LUKS2 keyslot area.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT[]
+*--keyslot-key-size <bits>*::
+This option can be used to set specific key size for the LUKS2 keyslot
+area.
+endif::[]
+
+ifdef::ACTION_REFRESH[]
+*--integrity-no-journal*::
+Activate device with integrity protection without using data journal
+(direct write of data and integrity tags). Note that without journal
+power fail can cause non-atomic write and data corruption. Use only if
+journalling is performed on a different storage layer.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT[]
+*--integrity-no-wipe*::
+Skip wiping of device authentication (integrity) tags. If you skip
+this step, sectors will report invalid integrity tag until an
+application write to the sector.
++
+*NOTE:* Even some writes to the device can fail if the write is not
+aligned to page size and page-cache initiates read of a sector with
+invalid integrity tag.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSADDKEY,ACTION_LUKSDUMP,ACTION_TOKEN[]
+*--unbound*::
+ifdef::ACTION_LUKSADDKEY[]
+Creates new LUKS2 unbound keyslot.
+endif::[]
+ifdef::ACTION_LUKSDUMP[]
+Dumps existing LUKS2 unbound keyslot.
+endif::[]
+ifdef::ACTION_OPEN[]
+Allowed only together with --test-passphrase parameter, it allows one to test
+passphrase for unbound LUKS2 keyslot. Otherwise, unbound keyslot passphrase
+can be tested only when specific keyslot is selected via --key-slot parameter.
+endif::[]
+ifdef::ACTION_TOKEN[]
+Creates new LUKS2 keyring token assigned to no keyslot. Usable only with _add_ action.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+*--tcrypt-hidden*::
+*--tcrypt-system*::
+*--tcrypt-backup*::
+Specify which TrueCrypt on-disk
+header will be used to open the device. See _TCRYPT_ section in
+*cryptsetup*(8) for more info.
+endif::[]
+
+ifdef::ACTION_TCRYPTDUMP,ACTION_OPEN[]
+*--veracrypt*::
+This option is ignored as VeraCrypt compatible mode is supported by
+default.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+*--disable-veracrypt*::
+This option can be used to disable VeraCrypt compatible mode (only
+TrueCrypt devices are recognized). Only for TCRYPT extension. See
+_TCRYPT_ section in *cryptsetup*(8) for more info.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+*--veracrypt-pim*::
+*--veracrypt-query-pim*::
+Use a custom Personal Iteration Multiplier (PIM) for
+VeraCrypt device. See _TCRYPT_ section in *cryptsetup*(8) for more info.
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--serialize-memory-hard-pbkdf*::
+Use a global lock to serialize unlocking of keyslots using memory-hard
+PBKDF.
++
+*NOTE:* This is (ugly) workaround for a specific situation when multiple
+devices are activated in parallel and system instead of reporting out of
+memory starts unconditionally stop processes using out-of-memory killer.
++
+*DO NOT USE* this switch until you are implementing boot environment
+with parallel devices activation!
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--encrypt, --new, -N*::
+Initialize (and run) device in-place encryption mode.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--decrypt*::
+Initialize (and run) device decryption mode.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--init-only (LUKS2 only)*::
+Initialize reencryption (any mode) operation in LUKS2 metadata only
+and exit. If any reencrypt operation is already initialized in
+metadata, the command with --init-only parameter fails.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--resume-only (LUKS2 only)*::
+Resume reencryption (any mode) operation already described in LUKS2
+metadata. If no reencrypt operation is initialized, the command with
+--resume-only parameter fails. Useful for resuming reencrypt operation
+without accidentally triggering new reencryption operation.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--resilience* _mode_ *(LUKS2 only)*::
+Reencryption resilience _mode_ can be one of _checksum_, _journal_ or
+_none_.
++
+_checksum_: default mode, where individual checksums of ciphertext
+hotzone sectors are stored, so the recovery process can detect which
+sectors were already reencrypted. It requires that the device sector
+write is atomic.
++
+_journal_: the hotzone is journaled in the binary area (so the data are
+written twice).
++
+_none_: performance mode. There is no protection and the only way it's
+safe to interrupt the reencryption is similar to old offline
+reencryption utility.
++
+Resilience modes can be changed unless _datashift_ mode is used for
+operation initialization (encryption with --reduce-device-size option)
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--resilience-hash* _hash_ *(LUKS2 only)*::
+The _hash_ algorithm used with "--resilience checksum" only. The default
+hash is sha256. With other resilience modes, the hash parameter is
+ignored.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--hotzone-size* _size_ *(LUKS2 only)*::
+This option can be used to set an upper limit on the size of
+reencryption area (hotzone). The _size_ can be specified with unit
+suffix (for example 50M). Note that actual hotzone size may be less
+than specified <size> due to other limitations (free space in keyslots
+area or available memory).
++
+With decryption mode for devices with LUKS2 header placed in head of data
+device, the option specifies how large is the first data segment moved
+from original data offset pointer.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--reduce-device-size* _size_::
+This means that last _size_ sectors on the original device will be lost,
+data will be effectively shifted by specified number of sectors.
++
+It could be useful if you added some space to underlying partition or
+logical volume (so last _size_ sectors contains no data).
++
+For units suffix see --device-size parameter description.
++
+*WARNING:* This is a destructive operation and cannot be reverted. Use
+with extreme care - accidentally overwritten filesystems are usually
+unrecoverable.
++
+*LUKS2*:
+Initialize LUKS2 reencryption with data device size reduction
+(currently only encryption mode is supported).
++
+Recommended minimal size is twice the default LUKS2 header size
+(--reduce-device-size 32M) for encryption mode.
++
+*LUKS1*:
+Enlarge data offset to specified value by shrinking device size.
++
+You cannot shrink device more than by 64 MiB (131072 sectors).
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--batch-mode, -q*::
+Suppresses all confirmation questions. Use with care!
++
+If the --verify-passphrase option is not specified, this option also
+switches off the passphrase verification.
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--debug or --debug-json*::
+Run in debug mode with full diagnostic logs. Debug output lines are
+always prefixed by *#*.
++
+If --debug-json is used, additional LUKS2 JSON data structures are printed.
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--version, -V*::
+Show the program version.
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--usage*::
+Show short option help.
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--help, -?*::
+Show help text and default parameters.
+endif::[]
diff --git a/man/cryptsetup-benchmark.8.adoc b/man/cryptsetup-benchmark.8.adoc
new file mode 100644
index 0000000..caaacba
--- /dev/null
+++ b/man/cryptsetup-benchmark.8.adoc
@@ -0,0 +1,41 @@
+= cryptsetup-benchmark(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_BENCHMARK:
+
+== Name
+
+cryptsetup-benchmark - benchmarks ciphers and KDF
+
+== SYNOPSIS
+
+*cryptsetup _benchmark_ [<options>]*
+
+== DESCRIPTION
+
+Benchmarks ciphers and KDF (key derivation function). Without
+parameters, it tries to measure few common configurations.
+
+To benchmark other ciphers or modes, you need to specify *--cipher* and
+*--key-size* options.
+
+To benchmark PBKDF you need to specify *--pbkdf* or *--hash* with optional
+cost parameters *--iter-time*, *--pbkdf-memory* or *--pbkdf-parallel*.
+
+*NOTE:* This benchmark uses memory only and is only informative. You
+cannot directly predict real storage encryption speed from it.
+
+For testing block ciphers, this benchmark requires kernel userspace
+crypto API to be available (introduced in Linux kernel 2.6.38). If you
+are configuring kernel yourself, enable "User-space interface for
+symmetric key cipher algorithms" in "Cryptographic API" section
+(CRYPTO_USER_API_SKCIPHER .config option).
+
+*<options>* can be [--cipher, --key-size, --hash, --pbkdf, --iter-time,
+--pbkdf-memory, --pbkdf-parallel].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-bitlkDump.8.adoc b/man/cryptsetup-bitlkDump.8.adoc
new file mode 100644
index 0000000..6dc273f
--- /dev/null
+++ b/man/cryptsetup-bitlkDump.8.adoc
@@ -0,0 +1,34 @@
+= cryptsetup-bitlkDump(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_BITLKDUMP:
+
+== Name
+
+cryptsetup-bitlkDump - dump the header information of a BITLK (BitLocker compatible) device
+
+== SYNOPSIS
+
+*cryptsetup _bitlkDump_ [<options>] <device>*
+
+== DESCRIPTION
+
+Dump the header information of a BITLK (BitLocker compatible) device.
+
+If the --dump-volume-key option is used, the BITLK device volume key
+is dumped instead of header information. You have to provide password
+or keyfile to dump volume key.
+
+Beware that the volume key can be used to decrypt the data stored in
+the container without a passphrase.
+This means that if the volume key is compromised, the whole device has
+to be erased to prevent further access. Use this option carefully.
+
+*<options>* can be [--dump-volume-key, --volume-key-file, --key-file,
+--keyfile-offset, --keyfile-size, --timeout].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-close.8.adoc b/man/cryptsetup-close.8.adoc
new file mode 100644
index 0000000..28813d3
--- /dev/null
+++ b/man/cryptsetup-close.8.adoc
@@ -0,0 +1,30 @@
+= cryptsetup-close(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_CLOSE:
+
+== Name
+
+cryptsetup-close - removes the existing mapping <name> (and the associated key)
+
+== SYNOPSIS
+
+*cryptsetup _close_ [<options>] <name>*
+
+== DESCRIPTION
+
+Removes the existing mapping <name> and wipes the key from kernel
+memory.
+
+For backward compatibility, there are *close* command aliases: *remove*,
+*plainClose*, *luksClose*, *loopaesClose*, *tcryptClose*, *bitlkClose*
+(all behave exactly the same, device type is determined automatically
+from the active device).
+
+*<options>* can be [--deferred, --cancel-deferred, --header, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-config.8.adoc b/man/cryptsetup-config.8.adoc
new file mode 100644
index 0000000..c664242
--- /dev/null
+++ b/man/cryptsetup-config.8.adoc
@@ -0,0 +1,30 @@
+= cryptsetup-config(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_CONFIG:
+
+== Name
+
+cryptsetup-config - set permanent configuration options (store to LUKS header)
+
+== SYNOPSIS
+
+*cryptsetup _config_ <options> <device>*
+
+== DESCRIPTION
+
+Set permanent configuration options (store to LUKS header). The _config_
+command is supported only for LUKS2.
+
+The permanent options can be _--priority_ to set priority (normal,
+prefer, ignore) for keyslot (specified by _--key-slot_) or _--label_ and
+_--subsystem_.
+
+*<options>* can be [--priority, --label, --subsystem, --key-slot,
+--header, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-convert.8.adoc b/man/cryptsetup-convert.8.adoc
new file mode 100644
index 0000000..dbb4c23
--- /dev/null
+++ b/man/cryptsetup-convert.8.adoc
@@ -0,0 +1,37 @@
+= cryptsetup-convert(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_CONVERT:
+
+== Name
+
+cryptsetup-convert - converts the device between LUKS1 and LUKS2 format
+
+== SYNOPSIS
+
+*cryptsetup _convert_ --type <format> [<options>] <device>*
+
+== DESCRIPTION
+
+Converts the device between LUKS1 and LUKS2 format (if possible). The
+conversion will not be performed if there is an additional LUKS2 feature
+or LUKS1 has unsupported header size.
+
+Conversion (both directions) must be performed on inactive device. There
+must not be active dm-crypt mapping established for LUKS header
+requested for conversion.
+
+The *--type* option is mandatory with the following accepted values: _luks1_ or
+_luks2_.
+
+*WARNING:* The _convert_ action can destroy the LUKS header in the case
+of a crash during conversion or if a media error occurs. Always create a
+header backup before performing this operation!
+
+*<options>* can be [--header, --type, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-erase.8.adoc b/man/cryptsetup-erase.8.adoc
new file mode 100644
index 0000000..97a13aa
--- /dev/null
+++ b/man/cryptsetup-erase.8.adoc
@@ -0,0 +1,28 @@
+= cryptsetup-erase(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_ERASE:
+
+== Name
+
+cryptsetup-erase, cryptsetup-luksErase - erase all keyslots
+
+== SYNOPSIS
+
+*cryptsetup  _erase_ [<options>] <device>* +
+*cryptsetup _luksErase_ [<options>] <device>*
+
+== DESCRIPTION
+
+Erase all keyslots and make the LUKS container permanently inaccessible.
+You do not need to provide any password for this operation.
+
+*WARNING:* This operation is irreversible.
+
+*<options>* can be [--header, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-fvault2Dump.8.adoc b/man/cryptsetup-fvault2Dump.8.adoc
new file mode 100644
index 0000000..0831899
--- /dev/null
+++ b/man/cryptsetup-fvault2Dump.8.adoc
@@ -0,0 +1,34 @@
+= cryptsetup-fvault2Dump(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_BITLKDUMP:
+
+== Name
+
+cryptsetup-fvault2Dump - dump the header information of a FVAULT2 (FileVault2 compatible) device
+
+== SYNOPSIS
+
+*cryptsetup _fvault2Dump_ [<options>] <device>*
+
+== DESCRIPTION
+
+Dump the header information of a FVAULT2 (FileVault2 compatible) device.
+
+If the --dump-volume-key option is used, the FVAULT2 device volume key
+is dumped instead of header information. You have to provide password
+or keyfile to dump volume key.
+
+Beware that the volume key can be used to decrypt the data stored in
+the container without a passphrase.
+This means that if the volume key is compromised, the whole device has
+to be erased to prevent further access. Use this option carefully.
+
+*<options>* can be [--dump-volume-key, --volume-key-file, --key-file,
+--keyfile-offset, --keyfile-size, --timeout].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-isLuks.8.adoc b/man/cryptsetup-isLuks.8.adoc
new file mode 100644
index 0000000..aac559c
--- /dev/null
+++ b/man/cryptsetup-isLuks.8.adoc
@@ -0,0 +1,29 @@
+= cryptsetup-isLuks(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_ISLUKS:
+
+== Name
+
+cryptsetup-isLuks - check if a device is a LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _isLuks_ [<options>] <device>*
+
+== DESCRIPTION
+
+Returns true, if <device> is a LUKS device, false otherwise.
+
+Use option -v to get human-readable feedback.
+'Command successful.' means the device is a LUKS device.
+
+By specifying --type you may query for specific LUKS version.
+
+*<options>* can be [--header, --type, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksAddKey.8.adoc b/man/cryptsetup-luksAddKey.8.adoc
new file mode 100644
index 0000000..9686a1d
--- /dev/null
+++ b/man/cryptsetup-luksAddKey.8.adoc
@@ -0,0 +1,71 @@
+= cryptsetup-luksAddKey(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSADDKEY:
+
+== Name
+
+cryptsetup-luksAddKey - add a new passphrase
+
+== SYNOPSIS
+
+*cryptsetup _luksAddKey_ [<options>] <device> [<key file with new key>]*
+
+== DESCRIPTION
+
+Adds a keyslot protected by a new passphrase. An existing passphrase
+must be supplied interactively, via --key-file or LUKS2 token (plugin).
+Alternatively to existing passphrase user may pass directly volume key
+(via --volume-key-file). The new passphrase to be added can be specified
+interactively, read from the file given as the positional argument (also
+via --new-keyfile parameter) or via LUKS2 token.
+
+*NOTE:* with --unbound option the action creates new unbound LUKS2
+keyslot. The keyslot cannot be used for device activation. If you don't
+pass new key via --volume-key-file option, new random key is generated.
+Existing passphrase for any active keyslot is not required.
+
+*NOTE:* some parameters are effective only if used with LUKS2 format
+that supports per-keyslot parameters. For LUKS1, PBKDF type and hash
+algorithm is always the same for all keyslots.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--new-keyfile, --new-keyfile-offset, --new-keyfile-size, --key-slot,
+--new-key-slot, --volume-key-file, --force-password, --hash, --header,
+--disable-locks, --iter-time, --pbkdf, --pbkdf-force-iterations,
+--pbkdf-memory, --pbkdf-parallel, --unbound, --type, --keyslot-cipher,
+--keyslot-key-size, --key-size, --timeout, --token-id, --token-type,
+--token-only, --new-token-id, --verify-passphrase].
+
+include::man/common_options.adoc[]
+
+== EXAMPLES
+
+*NOTE*: When not specified otherwise interactive passphrase prompt is always default method.
+
+Add new keyslot using interactive passphrase prompt for both existing and new passphrase:
+
+*cryptsetup luksAddKey /dev/device*
+
+Add new keyslot using LUKS2 tokens to unlock existing keyslot with interactive passphrase prompt for new passphrase:
+
+*cryptsetup luksAddKey --token-only /dev/device*
+
+Add new keyslot using LUKS2 systemd-tpm2 tokens to unlock existing keyslot with interactive passphrase prompt for new passphrase (systemd-tpm2 token plugin must be available):
+
+*cryptsetup luksAddKey --token-type systemd-tpm2 /dev/device*
+
+Add new keyslot using interactive passphrase prompt for existing keyslot, reading new passphrase from key_file:
+
+*cryptsetup luksAddKey --new-keyfile key_file /dev/device* or
+*cryptsetup luksAddKey /dev/device key_file*
+
+Add new keyslot using volume stored in volume_key_file and LUKS2 token in slot 5 to get new keyslot passphrase (token in slot 5 must exist
+and respective token plugin must be available):
+
+*cryptsetup luksAddKey --volume-key-file volume_key_file --new-token-id 5 /dev/device*
+
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksChangeKey.8.adoc b/man/cryptsetup-luksChangeKey.8.adoc
new file mode 100644
index 0000000..7dd5f3b
--- /dev/null
+++ b/man/cryptsetup-luksChangeKey.8.adoc
@@ -0,0 +1,46 @@
+= cryptsetup-luksChangeKey(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSCHANGEKEY:
+
+== Name
+
+cryptsetup-luksChangeKey - change an existing passphrase
+
+== SYNOPSIS
+
+*cryptsetup _luksChangeKey_ [<options>] <device> [<new key file>]*
+
+== DESCRIPTION
+
+Changes an existing passphrase. The passphrase to be changed must be
+supplied interactively or via --key-file. The new passphrase can be
+supplied interactively or in a file given as the positional argument.
+
+If a key-slot is specified (via --key-slot), the passphrase for that
+key-slot must be given and the new passphrase will overwrite the
+specified key-slot. If no key-slot is specified and there is still a
+free key-slot, then the new passphrase will be put into a free key-slot
+before the key-slot containing the old passphrase is purged. If there is
+no free key-slot, then the key-slot with the old passphrase is
+overwritten directly.
+
+*WARNING:* If a key-slot is overwritten, a media failure during this
+operation can cause the overwrite to fail after the old passphrase has
+been wiped and make the LUKS container inaccessible.
+
+*NOTE:* some parameters are effective only if used with LUKS2 format
+that supports per-keyslot parameters. For LUKS1, PBKDF type and hash
+algorithm is always the same for all keyslots.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--new-keyfile-offset, --iter-time, --pbkdf, --pbkdf-force-iterations,
+--pbkdf-memory, --pbkdf-parallel, --new-keyfile-size, --key-slot,
+--force-password, --hash, --header, --disable-locks, --type,
+--keyslot-cipher, --keyslot-key-size, --timeout, --verify-passphrase].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksConvertKey.8.adoc b/man/cryptsetup-luksConvertKey.8.adoc
new file mode 100644
index 0000000..c626542
--- /dev/null
+++ b/man/cryptsetup-luksConvertKey.8.adoc
@@ -0,0 +1,41 @@
+= cryptsetup-luksConvertKey(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSCONVERTKEY:
+
+== Name
+
+cryptsetup-luksConvertKey - converts an existing LUKS2 keyslot to new PBKDF parameters
+
+== SYNOPSIS
+
+*cryptsetup _luksConvertKey_ [<options>] <device>*
+
+== DESCRIPTION
+
+Converts an existing LUKS2 keyslot to new PBKDF parameters. The
+passphrase for keyslot to be converted must be supplied interactively or
+via --key-file. If no --pbkdf parameters are specified LUKS2 default
+PBKDF values will apply.
+
+If a keyslot is specified (via --key-slot), the passphrase for that
+keyslot must be given. If no keyslot is specified and there is still a
+free keyslot, then the new parameters will be put into a free keyslot
+before the keyslot containing the old parameters is purged. If there is
+no free keyslot, then the keyslot with the old parameters is overwritten
+directly.
+
+*WARNING:* If a keyslot is overwritten, a media failure during this
+operation can cause the overwrite to fail after the old parameters have
+been wiped and make the LUKS container inaccessible.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--key-slot, --hash, --header, --disable-locks, --iter-time, --pbkdf,
+--pbkdf-force-iterations, --pbkdf-memory, --pbkdf-parallel,
+--keyslot-cipher, --keyslot-key-size, --timeout, --verify-passphrase].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksDump.8.adoc b/man/cryptsetup-luksDump.8.adoc
new file mode 100644
index 0000000..f9f3910
--- /dev/null
+++ b/man/cryptsetup-luksDump.8.adoc
@@ -0,0 +1,50 @@
+= cryptsetup-luksDump(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSDUMP:
+
+== Name
+
+cryptsetup-luksDump - dump the header information of a LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _luksDump_ [<options>] <device>*
+
+== DESCRIPTION
+
+Dump the header information of a LUKS device.
+
+If the --dump-volume-key option is used, the LUKS device volume key is
+dumped instead of the keyslot info. Together with the --volume-key-file
+option, volume key is dumped to a file instead of standard output.
+Beware that the volume key cannot be changed without reencryption and
+can be used to decrypt the data stored in the LUKS container without a
+passphrase and even without the LUKS header. This means that if the
+volume key is compromised, the whole device has to be erased or
+reencrypted to prevent further access. Use this option carefully.
+
+To dump the volume key, a passphrase has to be supplied, either
+interactively or via --key-file.
+
+To dump unbound key (LUKS2 format only), --unbound parameter, specific
+--key-slot id and proper passphrase has to be supplied, either
+interactively or via --key-file. Optional --volume-key-file parameter
+enables unbound keyslot dump to a file.
+
+To dump LUKS2 JSON metadata (without basic header information like UUID)
+use --dump-json-metadata option.
+
+*<options>* can be [--dump-volume-key, --dump-json-metadata, --key-file,
+--keyfile-offset, --keyfile-size, --header, --disable-locks,
+--volume-key-file, --type, --unbound, --key-slot, --timeout].
+
+*WARNING:* If --dump-volume-key is used with --key-file and the argument
+to --key-file is '-', no validation question will be asked and no
+warning given.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksFormat.8.adoc b/man/cryptsetup-luksFormat.8.adoc
new file mode 100644
index 0000000..be241f8
--- /dev/null
+++ b/man/cryptsetup-luksFormat.8.adoc
@@ -0,0 +1,51 @@
+= cryptsetup-luksFormat(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSFORMAT:
+
+== Name
+
+cryptsetup-luksFormat - initialize a LUKS partition and set the initial passphrase
+
+== SYNOPSIS
+
+*cryptsetup _luksFormat_ [<options>] <device> [<key file>]*
+
+== DESCRIPTION
+
+Initializes a LUKS partition and sets the initial passphrase (for
+key-slot 0), either via prompting or via <key file>. Note that if the
+second argument is present, then the passphrase is taken from the file
+given there, without the need to use the --key-file option. Also note
+that for both forms of reading the passphrase from a file you can give
+'-' as file name, which results in the passphrase being read from stdin
+and the safety-question being skipped.
+
+You cannot call luksFormat on a device or filesystem that is mapped or
+in use, e.g., mounted filesystem, used in LVM, active RAID member, etc. The
+device or filesystem has to be un-mounted in order to call luksFormat.
+
+To use specific version of LUKS format, use _--type luks1_ or _type luks2_.
+
+*<options>* can be [--hash, --cipher, --verify-passphrase, --key-size,
+--key-slot, --key-file (takes precedence over optional second argument),
+--keyfile-offset, --keyfile-size, --use-random, --use-urandom, --uuid,
+--volume-key-file, --iter-time, --header, --pbkdf-force-iterations,
+--force-password, --disable-locks, --timeout, --type, --offset,
+--align-payload (deprecated)].
+
+For LUKS2, additional *<options>* can be [--integrity,
+--integrity-no-wipe, --sector-size, --label, --subsystem, --pbkdf,
+--pbkdf-memory, --pbkdf-parallel, --disable-locks, --disable-keyring,
+--luks2-metadata-size, --luks2-keyslots-size, --keyslot-cipher,
+--keyslot-key-size, --integrity-legacy-padding].
+
+*WARNING:* Doing a luksFormat on an existing LUKS container will make
+all data in the old container permanently irretrievable unless you have a
+header backup.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksHeaderBackup.8.adoc b/man/cryptsetup-luksHeaderBackup.8.adoc
new file mode 100644
index 0000000..1f57f25
--- /dev/null
+++ b/man/cryptsetup-luksHeaderBackup.8.adoc
@@ -0,0 +1,35 @@
+= cryptsetup-luksHeaderBackup(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSHEADERBACKUP:
+
+== Name
+
+cryptsetup-luksHeaderBackup - store a binary backup of the LUKS header and keyslot area
+
+== SYNOPSIS
+
+*cryptsetup _luksHeaderBackup_ --header-backup-file <file> [<options>] <device>*
+
+== DESCRIPTION
+
+Stores a binary backup of the LUKS header and keyslot area. +
+*NOTE:* Using '-' as filename writes the header backup to a file named
+'-'.
+
+*<options>* can be [--header, --header-backup-file, --disable-locks].
+
+*WARNING:* This backup file and a passphrase valid at the time of backup
+allows decryption of the LUKS data area, even if the passphrase was
+later changed or removed from the LUKS device. Also note that with a
+header backup you lose the ability to securely wipe the LUKS device by
+just overwriting the header and key-slots. You either need to securely
+erase all header backups in addition or overwrite the encrypted data
+area as well. The second option is less secure, as some sectors can
+survive, e.g., due to defect management.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksHeaderRestore.8.adoc b/man/cryptsetup-luksHeaderRestore.8.adoc
new file mode 100644
index 0000000..e7fa8aa
--- /dev/null
+++ b/man/cryptsetup-luksHeaderRestore.8.adoc
@@ -0,0 +1,34 @@
+= cryptsetup-luksHeaderRestore(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSHEADERRESTORE:
+
+== Name
+
+cryptsetup-luksHeaderRestore - restore a binary backup of the LUKS header and keyslot area
+
+== SYNOPSIS
+
+*cryptsetup _luksHeaderRestore_ --header-backup-file <file> [<options>] <device>*
+
+== DESCRIPTION
+
+Restores a binary backup of the LUKS header and keyslot area from the
+specified file. +
+*NOTE:* Using '-' as filename reads the header backup from a file named '-'.
+
+*<options>* can be [--header, --header-backup-file, --disable-locks].
+
+*WARNING:* Header and keyslots will be replaced, only the passphrases
+from the backup will work afterward.
+
+This command requires that the volume key size and data offset of the
+LUKS header already on the device and of the header backup match.
+Alternatively, if there is no LUKS header on the device, the backup will
+also be written to it.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksKillSlot.8.adoc b/man/cryptsetup-luksKillSlot.8.adoc
new file mode 100644
index 0000000..4575387
--- /dev/null
+++ b/man/cryptsetup-luksKillSlot.8.adoc
@@ -0,0 +1,40 @@
+= cryptsetup-luksKillSlot(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSKILLSLOT:
+
+== Name
+
+cryptsetup-luksKillSlot - wipe a key-slot from the LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _luksKillSlot_ [<options>] <device> <key slot number>*
+
+== DESCRIPTION
+
+Wipe the key-slot number <key slot> from the LUKS device. Except running
+in batch-mode (-q) a remaining passphrase must be supplied, either
+interactively or via --key-file. This command can remove the last
+remaining key-slot, but requires an interactive confirmation when doing
+so. Removing the last passphrase makes a LUKS container permanently
+inaccessible.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--header, --disable-locks, --type, --verify-passphrase, --timeout].
+
+*WARNING:* If you read the passphrase from stdin (without further
+argument or with '-' as an argument to --key-file), batch-mode (-q) will
+be implicitly switched on and no warning will be given when you remove
+the last remaining passphrase from a LUKS container. Removing the last
+passphrase makes the LUKS container permanently inaccessible.
+
+*NOTE:* If there is no passphrase provided (on stdin or through
+--key-file argument) and batch-mode (-q) is active, the key-slot is
+removed without any other warning.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksRemoveKey.8.adoc b/man/cryptsetup-luksRemoveKey.8.adoc
new file mode 100644
index 0000000..b414f18
--- /dev/null
+++ b/man/cryptsetup-luksRemoveKey.8.adoc
@@ -0,0 +1,33 @@
+= cryptsetup-luksRemoveKey(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSREMOVEKEY:
+
+== Name
+
+cryptsetup-luksRemoveKey - remove the supplied passphrase from the LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _luksRemoveKey_ [<options>] <device> [<key file with passphrase to be removed>]*
+
+== DESCRIPTION
+
+Removes the supplied passphrase from the LUKS device. The passphrase to
+be removed can be specified interactively, as the positional argument or
+via --key-file.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--header, --disable-locks, --type, --timeout, --verify-passphrase].
+
+*WARNING:* If you read the passphrase from stdin (without further
+argument or with '-' as an argument to --key-file), batch-mode (-q) will
+be implicitly switched on and no warning will be given when you remove
+the last remaining passphrase from a LUKS container. Removing the last
+passphrase makes the LUKS container permanently inaccessible.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksResume.8.adoc b/man/cryptsetup-luksResume.8.adoc
new file mode 100644
index 0000000..9d81cbc
--- /dev/null
+++ b/man/cryptsetup-luksResume.8.adoc
@@ -0,0 +1,29 @@
+= cryptsetup-luksResume(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSRESUME:
+
+== Name
+
+cryptsetup-luksResume - resume a suspended device and reinstate the key
+
+== SYNOPSIS
+
+*cryptsetup _luksResume_ [<options>] <name>*
+
+== DESCRIPTION
+
+Resumes a suspended device and reinstates the encryption key. Prompts
+interactively for a passphrase if no token is usable (LUKS2 only) or
+--key-file is not given.
+
+*<options>* can be [--key-file, --keyfile-size, --keyfile-offset,
+--key-slot, --header, --disable-keyring, --disable-locks, --token-id,
+--token-only, --token-type, --disable-external-tokens, --type, --tries,
+--timeout, --verify-passphrase].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksSuspend.8.adoc b/man/cryptsetup-luksSuspend.8.adoc
new file mode 100644
index 0000000..ed20681
--- /dev/null
+++ b/man/cryptsetup-luksSuspend.8.adoc
@@ -0,0 +1,33 @@
+= cryptsetup-luksSuspend(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSSUSPEND:
+
+== Name
+
+cryptsetup-luksSuspend - suspends an active device and wipes the key
+
+== SYNOPSIS
+
+*cryptsetup _luksSuspend_ [<options>] <name>*
+
+== DESCRIPTION
+
+Suspends an active device (all IO operations will block and accesses to
+the device will wait indefinitely) and wipes the encryption key from
+kernel memory. Needs kernel 2.6.19 or later.
+
+After this operation, you have to use _luksResume_ to reinstate the
+encryption key and unblock the device or _close_ to remove the mapped
+device.
+
+*<options>* can be [--header, --disable-locks].
+
+*WARNING:* Never suspend the device on which the cryptsetup binary
+resides.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-luksUUID.8.adoc b/man/cryptsetup-luksUUID.8.adoc
new file mode 100644
index 0000000..8ffe9ff
--- /dev/null
+++ b/man/cryptsetup-luksUUID.8.adoc
@@ -0,0 +1,25 @@
+= cryptsetup-luksUUID(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSUUID:
+
+== Name
+
+cryptsetup-luksUUID - print or set the UUID of a LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _luksUUID_ [<options>] <device>*
+
+== DESCRIPTION
+
+Print the UUID of a LUKS device. +
+Set new UUID if _--uuid_ option is specified.
+
+*<options>* can be [--header, --uuid, --type, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-open.8.adoc b/man/cryptsetup-open.8.adoc
new file mode 100644
index 0000000..5e8e7a6
--- /dev/null
+++ b/man/cryptsetup-open.8.adoc
@@ -0,0 +1,165 @@
+= cryptsetup-open(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_OPEN:
+
+== Name
+
+cryptsetup-open, cryptsetup-create, cryptsetup-plainOpen, cryptsetup-luksOpen, cryptsetup-loopaesOpen, cryptsetup-tcryptOpen, cryptsetup-bitlkOpen, cryptsetup-fvault2Open - open an encrypted device and create a mapping with a specified name
+
+== SYNOPSIS
+
+*cryptsetup _open_ --type <device_type> [<options>] <device> <name>*
+
+== DESCRIPTION
+Opens (creates a mapping with) <name> backed by device <device>.
+
+Device type can be _plain_, _luks_ (default), _luks1_, _luks2_,
+_loopaes_ or _tcrypt_.
+
+For backward compatibility there are *open* command aliases:
+
+*create* (argument-order <name> <device>): open --type plain +
+*plainOpen*: open --type plain +
+*luksOpen*: open --type luks +
+*loopaesOpen*: open --type loopaes +
+*tcryptOpen*: open --type tcrypt +
+*bitlkOpen*: open --type bitlk
+
+*<options>* are type specific and are described below for individual
+device types. For *create*, the order of the <name> and <device> options
+is inverted for historical reasons, all other aliases use the standard
+*<device> <name>* order.
+
+=== PLAIN
+*open --type plain <device> <name>* +
+plainOpen <device> <name> (*old syntax*) +
+create <name> <device> (*OBSOLETE syntax*)
+
+Opens (creates a mapping with) <name> backed by device <device>.
+
+*<options>* can be [--hash, --cipher, --verify-passphrase, --sector-size,
+--key-file, --keyfile-size, --keyfile-offset, --key-size, --offset,
+--skip, --device-size, --size, --readonly, --shared, --allow-discards,
+--refresh, --timeout, --verify-passphrase, --iv-large-sectors].
+
+Example: 'cryptsetup open --type plain /dev/sda10 e1' maps the raw
+encrypted device /dev/sda10 to the mapped (decrypted) device
+/dev/mapper/e1, which can then be mounted, fsck-ed or have a filesystem
+created on it.
+
+=== LUKS
+*open <device> <name>* +
+open --type <luks1|luks2> <device> <name> (*explicit version request*) +
+luksOpen <device> <name> (*old syntax*)
+
+Opens the LUKS device <device> and sets up a mapping <name> after
+successful verification of the supplied passphrase.
+
+First, the passphrase is searched in LUKS2 tokens unprotected by PIN.
+If such token does not exist (or fails to unlock keyslot) and
+also the passphrase is not supplied via --key-file, the command
+prompts for passphrase interactively.
+
+If there is valid LUKS2 token but it requires PIN to unlock assigned keyslot,
+it is not used unless one of following options is added: --token-only,
+--token-type where type matches desired PIN protected token or --token-id with id
+matching PIN protected token.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--readonly, --test-passphrase, --allow-discards, --header, --key-slot,
+--volume-key-file, --token-id, --token-only, --token-type,
+--disable-external-tokens, --disable-keyring, --disable-locks, --type,
+--refresh, --serialize-memory-hard-pbkdf, --unbound, --tries, --timeout,
+--verify-passphrase, --persistent].
+
+=== loopAES
+*open --type loopaes <device> <name> --key-file <keyfile>* +
+loopaesOpen <device> <name> --key-file <keyfile> (*old syntax*)
+
+Opens the loop-AES <device> and sets up a mapping <name>.
+
+If the key file is encrypted with GnuPG, then you have to use
+--key-file=- and decrypt it before use, e.g., like this: +
+gpg --decrypt <keyfile> | cryptsetup loopaesOpen --key-file=- <device>
+<name>
+
+*WARNING:* The loop-AES extension cannot use the direct input of the key
+file on the real terminal because the keys are separated by end-of-line and
+only part of the multi-key file would be read. +
+If you need it in script, just use the pipe redirection: +
+echo $keyfile | cryptsetup loopaesOpen --key-file=- <device> <name>
+
+Use *--keyfile-size* to specify the proper key length if needed.
+
+Use *--offset* to specify device offset. Note that the units need to be
+specified in number of 512 byte sectors.
+
+Use *--skip* to specify the IV offset. If the original device used an
+offset and but did not use it in IV sector calculations, you have to
+explicitly use *--skip 0* in addition to the offset parameter.
+
+Use *--hash* to override the default hash function for passphrase
+hashing (otherwise it is detected according to key size).
+
+*<options>* can be [--cipher, --key-file, --keyfile-size, --keyfile-offset,
+--key-size, --offset, --skip, --hash, --readonly, --allow-discards, --refresh].
+
+=== TrueCrypt and VeraCrypt
+*open --type tcrypt <device> <name>* +
+tcryptOpen <device> <name> (*old syntax*)
+
+Opens the TCRYPT (TrueCrypt and VeraCrypt compatible) <device> and sets
+up a mapping <name>.
+
+*<options>* can be [--key-file, --tcrypt-hidden, --tcrypt-system,
+--tcrypt-backup, --readonly, --test-passphrase, --allow-discards,
+--veracrypt (ignored), --disable-veracrypt, --veracrypt-pim,
+--veracrypt-query-pim, --header,
+--cipher, --hash, --tries, --timeout, --verify-passphrase].
+
+The keyfile parameter allows a combination of file content with the
+passphrase and can be repeated. Note that using keyfiles is compatible
+with TCRYPT and is different from LUKS keyfile logic.
+
+If *--cipher* or *--hash* options are used, only cipher chains or PBKDF2
+variants with the specified hash algorithms are checked. This could
+speed up unlocking the device (but also it reveals some information
+about the container).
+
+If you use *--header* in combination with hidden or system options, the
+header file must contain specific headers on the same positions as the
+original encrypted container.
+
+*WARNING:* Option *--allow-discards* cannot be combined with option
+*--tcrypt-hidden*. For normal mapping, it can cause the *destruction of
+hidden volume* (hidden volume appears as unused space for outer volume
+so this space can be discarded).
+
+=== BitLocker
+*open --type bitlk <device> <name>* +
+bitlkOpen <device> <name> (*old syntax*)
+
+Opens the BITLK (a BitLocker compatible) <device> and sets up a mapping
+<name>.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size, --key-size,
+--readonly, --test-passphrase, --allow-discards --volume-key-file, --tries,
+--timeout, --verify-passphrase].
+
+=== FileVault2
+*open --type fvault2 <device> <name>* +
+fvault2Open <device> <name> (*old syntax*)
+
+Opens the FVAULT2 (a FileVault2 compatible) <device> and sets up a mapping
+<name>.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size, --key-size,
+--readonly, --test-passphrase, --allow-discards --volume-key-file, --tries,
+--timeout, --verify-passphrase].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-reencrypt.8 b/man/cryptsetup-reencrypt.8
deleted file mode 100644
index 333ed58..0000000
--- a/man/cryptsetup-reencrypt.8
+++ /dev/null
@@ -1,295 +0,0 @@
-.TH CRYPTSETUP-REENCRYPT "8" "January 2021" "cryptsetup-reencrypt" "Maintenance Commands"
-.SH NAME
-cryptsetup-reencrypt - tool for offline LUKS device re-encryption
-.SH SYNOPSIS
-.B cryptsetup-reencrypt <options> <device>
-.SH DESCRIPTION
-.PP
-Cryptsetup-reencrypt can be used to change reencryption parameters
-which otherwise require full on-disk data change (re-encryption).
-
-You can regenerate \fBvolume key\fR (the real key used in on-disk encryption
-unclocked by passphrase), \fBcipher\fR, \fBcipher mode\fR.
-
-Cryptsetup-reencrypt reencrypts data on LUKS device in-place. During
-reencryption process the LUKS device is marked unavailable.
-
-\fINOTE\fR: If you're looking for LUKS2 online reencryption manual please read cryptsetup(8)
-man page instead (see reencrypt action). This page is for legacy offline reencryption
-utility only.
-
-\fIWARNING\fR: The cryptsetup-reencrypt program is not resistant to hardware
-or kernel failures during reencryption (you can lose your data in this case).
-
-\fIALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS TOOL.\fR
-.br
-The reencryption can be temporarily suspended (by TERM signal or by
-using ctrl+c) but you need to retain temporary files named LUKS-<uuid>.[log|org|new].
-LUKS device is unavailable until reencryption is finished though.
-
-Current working directory must be writable and temporary
-files created during reencryption must be present.
-
-For more info about LUKS see cryptsetup(8).
-.PP
-.SH OPTIONS
-.TP
-To start (or continue) re-encryption for <device> use:
-.PP
-\fIcryptsetup-reencrypt\fR <device>
-
-\fB<options>\fR can be [\-\-batch-mode, \-\-block-size, \-\-cipher | \-\-keep-key,
-\-\-debug, \-\-device-size, \-\-hash, \-\-header, \-\-iter-time | \-\-pbkdf\-force\-iterations,
-\-\-key-file, \-\-key-size, \-\-key-slot, \-\-keyfile-offset, \-\-keyfile-size,
-\-\-master\-key\-file, \-\-tries, \-\-pbkdf, \-\-pbkdf\-memory, \-\-pbkdf\-parallel,
-\-\-progress-frequency, \-\-use-directio, \-\-use-random | \-\-use-urandom, \-\-use-fsync,
-\-\-uuid, \-\-verbose, \-\-write-log]
-
-To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR in combination
-with \fI\-\-reduce-device-size\fR or with \fI\-\-header\fR option for detached header.
-
-To remove encryption from device, use \fI\-\-decrypt\fR.
-
-For detailed description of encryption and key file options see \fIcryptsetup(8)\fR
-man page.
-.TP
-.B "\-\-batch-mode, \-q"
-Suppresses all warnings and reencryption progress output.
-.TP
-.B "\-\-block-size, \-B \fIvalue\fR"
-Use re-encryption block size of <value> in MiB.
-
-Values can be between 1 and 64 MiB.
-.TP
-.B "\-\-cipher, \-c" \fI<cipher-spec>\fR
-Set the cipher specification string.
-.TP
-.B "\-\-debug"
-Run in debug mode with full diagnostic logs. Debug output
-lines are always prefixed by '#'.
-.TP
-.B "\-\-decrypt"
-Remove encryption (decrypt already encrypted device and remove LUKS header).
-
-\fBWARNING:\fR This is destructive operation and cannot be reverted.
-.TP
-.B "\-\-device-size \fIsize[units]\fR"
-Instead of real device size, use specified value.
-
-It means that only specified area (from the start of the device
-to the specified size) will be reencrypted.
-
-If no unit suffix is specified, the size is in bytes.
-
-Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
-for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
-
-\fBWARNING:\fR This is destructive operation.
-.TP
-.B "\-\-hash, \-h \fI<hash-spec>\fR"
-Specifies the hash used in the LUKS1 key setup scheme and volume key digest.
-
-\fBNOTE:\fR if this parameter is not specified, default hash algorithm is always used
-for new LUKS1 device header.
-
-\fBNOTE:\fR with LUKS2 format this option is only relevant when new keyslot pbkdf algorithm
-is set to PBKDF2 (see \fI\-\-pbkdf\fR).
-.TP
-.B "\-\-header\fR \fI<LUKS header file>\fR"
-Use a detached (separated) metadata device or file where the
-LUKS header is stored. This option allows one to store ciphertext
-and LUKS header on different devices.
-
-\fBWARNING:\fR There is no check whether the ciphertext device specified
-actually belongs to the header given.
-If used with \fI\-\-new\fR option, the header file will created (or overwritten).
-Use with care.
-.TP
-.B "\-\-iter-time, \-i \fI<milliseconds>\fR"
-The number of milliseconds to spend with PBKDF2 passphrase processing for the
-new LUKS header.
-.TP
-.B "\-\-keep-key"
-Do not change encryption key, just reencrypt the LUKS header and keyslots.
-
-This option can be combined only with \fI\-\-hash\fR, \fI\-\-iter-time\fR,
-\fI\-\-pbkdf\-force\-iterations\fR, \fI\-\-pbkdf\fR (LUKS2 only),
-\fI\-\-pbkdf\-memory\fR (Argon2i/id and LUKS2 only) and \fI\-\-pbkdf\-parallel\fR
-(Argon2i/id and LUKS2 only) options.
-.TP
-.B "\-\-key-file, \-d \fIname\fR"
-Read the passphrase from file.
-
-\fBWARNING:\fR \-\-key-file option can be used only if there is only one active keyslot,
-or alternatively, also if \-\-key-slot option is specified (then all other keyslots
-will be disabled in new LUKS device).
-
-If this option is not used, cryptsetup-reencrypt will ask for all active keyslot
-passphrases.
-.TP
-.B "\-\-key-size, \-s \fI<bits>\fR"
-Set key size in bits. The argument has to be a multiple of  8.
-
-The possible key-sizes are limited by the cipher and mode used.
-
-If you are increasing key size, there must be enough space in the LUKS header
-for enlarged keyslots (data offset must be large enough) or reencryption
-cannot be performed.
-
-If there is not enough space for keyslots with new key size,
-you can destructively shrink device with \-\-reduce-device-size option.
-.TP
-.B "\-\-key-slot, \-S <0-MAX>"
-Specify which key slot is used. For LUKS1, max keyslot number is 7. For LUKS2, it's 31.
-
-\fBWARNING:\fR All other keyslots will be disabled if this option is used.
-.TP
-.B "\-\-keyfile-offset \fIvalue\fR"
-Skip \fIvalue\fR bytes at the beginning of the key file.
-.TP
-.B "\-\-keyfile-size, \-l"
-Read a maximum of \fIvalue\fR bytes from the key file.
-Default is to read the whole file up to the compiled-in
-maximum.
-.TP
-.B "\-\-master\-key\-file"
-Use new volume (master) key stored in a file.
-.TP
-.B "\-\-new, \-N"
-Create new header (encrypt not yet encrypted device).
-
-This option must be used together with \-\-reduce-device-size.
-
-\fBWARNING:\fR This is destructive operation and cannot be reverted.
-.TP
-.B "\-\-pbkdf"
-Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot.
-The PBKDF can be: \fIpbkdf2\fR, \fIargon2i\fR for Argon2i or \fIargon2id\fR for Argon2id.
-
-For LUKS1, only \fIpbkdf2\fR is accepted (no need to use this option).
-.TP
-.B "\-\-pbkdf\-force\-iterations <num>"
-Avoid PBKDF benchmark and set time cost (iterations) directly.
-.TP
-.B "\-\-pbkdf\-memory <number>"
-Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes).
-Note that it is maximal value, PBKDF benchmark or available physical memory
-can decrease it.
-This option is not available for PBKDF2.
-.TP
-.B "\-\-pbkdf\-parallel <number>"
-Set the parallel cost for PBKDF (number of threads, up to 4).
-Note that it is maximal value, it is decreased automatically if
-CPU online count is lower.
-This option is not available for PBKDF2.
-.TP
-.B "\-\-progress-frequency <seconds>"
-Print separate line every <seconds> with reencryption progress.
-.TP
-.B "\-\-reduce-device-size \fIsize[units]\fR"
-Enlarge data offset to specified value by shrinking device size.
-
-This means that last sectors on the original device will be lost,
-ciphertext data will be effectively shifted by specified
-number of sectors.
-
-It can be useful if you e.g. added some space to underlying
-partition (so last sectors contains no data).
-
-For units suffix see \-\-device-size parameter description.
-
-You cannot shrink device more than by 64 MiB (131072 sectors).
-
-\fBWARNING:\fR This is destructive operation and cannot be reverted.
-Use with extreme care - shrunk filesystems are usually unrecoverable.
-.TP
-.B "\-\-tries, \-T"
-Number of retries for invalid passphrase entry.
-.TP
-.B "\-\-type <type>"
-Use only while encrypting not yet encrypted device (see \-\-new).
-
-Specify LUKS version when performing in-place encryption. If the parameter
-is omitted default value (LUKS1) is used. Type may be one of: \fBluks\fR (default),
-\fBluks1\fR or \fBluks2\fR.
-.TP
-.B "\-\-use-directio"
-Use direct-io (O_DIRECT) for all read/write data operations related
-to block device undergoing reencryption.
-
-Useful if direct-io operations perform better than normal buffered
-operations (e.g. in virtual environments).
-.TP
-.B "\-\-use-fsync"
-Use fsync call after every written block. This applies for reencryption
-log files as well.
-.TP
-.B "\-\-use-random"
-.TP
-.B "\-\-use-urandom"
-Define which kernel random number generator will be used to create the volume key.
-.TP
-.B "\-\-uuid" \fI<uuid>\fR
-Use only while resuming an interrupted decryption process (see \-\-decrypt).
-
-To find out what \fI<uuid>\fR to pass look for temporary files LUKS-<uuid>.[|log|org|new]
-of the interrupted decryption process.
-.TP
-.B "\-\-verbose, \-v"
-Print more information on command execution.
-.TP
-.B "\-\-version"
-Show the program version.
-.TP
-.B "\-\-write-log"
-Update log file after every block write. This can slow down reencryption
-but will minimize data loss in the case of system crash.
-
-.SH RETURN CODES
-Cryptsetup-reencrypt returns 0 on success and a non-zero value on error.
-
-Error codes are: 1 wrong parameters, 2 no permission,
-3 out of memory, 4 wrong device specified, 5 device already exists
-or device is busy.
-.SH EXAMPLES
-.TP
-Reencrypt /dev/sdb1 (change volume key)
-cryptsetup-reencrypt /dev/sdb1
-.TP
-Reencrypt and also change cipher and cipher mode
-cryptsetup-reencrypt /dev/sdb1 \-c aes-xts-plain64
-.TP
-Add LUKS encryption to not yet encrypted device
-
-First, be sure you have space added to disk.
-
-Or alternatively shrink filesystem in advance.
-.br
-Here we need 4096 512-bytes sectors (enough for 2x128 bit key).
-
-fdisk \-u /dev/sdb # move sdb1 partition end + 4096 sectors
-(or use resize2fs or tool for your filesystem and shrink it)
-
-cryptsetup-reencrypt /dev/sdb1 \-\-new \-\-reduce-device-size 4096S
-.TP
-Remove LUKS encryption completely
-
-cryptsetup-reencrypt /dev/sdb1 \-\-decrypt
-
-.SH REPORTING BUGS
-Report bugs, including ones in the documentation, on
-the cryptsetup mailing list at <dm-crypt@saout.de>
-or in the 'Issues' section on LUKS website.
-Please attach the output of the failed command with the
-\-\-debug option added.
-.SH AUTHORS
-Cryptsetup-reencrypt was written by Milan Broz <gmazyland@gmail.com>.
-.SH COPYRIGHT
-Copyright \(co 2012-2021 Milan Broz
-.br
-Copyright \(co 2012-2021 Red Hat, Inc.
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-.SH SEE ALSO
-The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
diff --git a/man/cryptsetup-reencrypt.8.adoc b/man/cryptsetup-reencrypt.8.adoc
new file mode 100644
index 0000000..154a469
--- /dev/null
+++ b/man/cryptsetup-reencrypt.8.adoc
@@ -0,0 +1,175 @@
+= cryptsetup-reencrypt(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_REENCRYPT:
+
+== Name
+
+cryptsetup-reencrypt - reencrypt LUKS encrypted volumes in-place
+
+== SYNOPSIS
+
+*cryptsetup _reencrypt_ [<options>] <device> or --active-name <name> [<new_name>]*
+
+== DESCRIPTION
+
+Run LUKS device reencryption.
+
+There are 3 basic modes of operation:
+
+* device reencryption (_reencrypt_)
+* device encryption (_reencrypt_ --encrypt/--new/-N)
+* device decryption (_reencrypt_ --decrypt)
+
+<device> or --active-name <name> (LUKS2 only) is mandatory parameter.
+
+Cryptsetup _reencrypt_ action can be used to change reencryption parameters
+which otherwise require full on-disk data change (re-encryption). The
+_reencrypt_ action reencrypts data on LUKS device in-place.
+
+You can regenerate *volume key* (the real key used in on-disk encryption
+unclocked by passphrase), *cipher*, *cipher mode* or *encryption sector size*
+(LUKS2 only).
+
+Reencryption process may be safely interrupted by a user via SIGINT
+signal (ctrl+c). Same applies to SIGTERM signal (i.e. issued by systemd
+during system shutdown).
+
+For in-place encryption mode, the _reencrypt_ action additionally takes all
+options available for _luksFormat_ action for respective LUKS version (see
+cryptsetup-luksFormat man page for more details). See *cryptsetup-luksFormat*(8).
+
+*NOTE* that for encrypt and decrypt mode, the whole device must be
+treated as unencrypted -- there are no quarantees of confidentiality as
+part of the device contains plaintext.
+
+*ALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS ACTION ON LUKS DEVICE.*
+
+*<options>* can be [--batch-mode,
+--block-size,
+--cipher,
+--debug,
+--debug-json,
+--decrypt,
+--device-size,
+--disable-locks,
+--encrypt,
+--force-offline-reencrypt,
+--hash,
+--header,
+--hotzone-size,
+--iter-time,
+--init-only,
+--keep-key,
+--key-file,
+--key-size,
+--key-slot,
+--keyfile-offset,
+--keyfile-size,
+--tries,
+--timeout,
+--pbkdf,
+--pbkdf-force-iterations,
+--pbkdf-memory,
+--pbkdf-parallel,
+--progress-frequency,
+--progress-json,
+--reduce-device-size,
+--resilience,
+--resilience-hash,
+--resume-only,
+--sector-size,
+--use-directio,
+--use-random,
+--use-urandom,
+--use-fsync,
+--uuid,
+--verbose,
+--volume-key-file,
+--write-log].
+
+== LUKS2 REENCRYPTION
+
+With <device> parameter cryptsetup looks up active <device> dm mapping.
+If no active mapping is detected, it starts offline LUKS2 reencryption
+otherwise online reencryption takes place.
+
+To resume already initialized or interrupted reencryption, just run the
+cryptsetup _reencrypt_ command again to continue the reencryption
+operation. Reencryption may be resumed with different --resilience or
+--hotzone-size unless implicit datashift resilience mode is used: either
+encrypt mode with --reduce-device-size option or decrypt mode with
+original LUKS2 header exported in --header file.
+
+If the reencryption process was interrupted abruptly (reencryption
+process crash, system crash, poweroff) it may require recovery. The
+recovery is currently run automatically on next activation (action
+_open_) when needed or explicitly by user (action _repair_).
+
+Optional parameter <new_name> takes effect only with encrypt option
+and it activates device <new_name> immediately after encryption
+initialization gets finished. That's useful when device needs to be
+ready as soon as possible and mounted (used) before full data area
+encryption is completed.
+
+== LUKS1 REENCRYPTION
+
+Current working directory must be writable and temporary files created during
+reencryption must be present. During reencryption process the LUKS1 device is
+marked unavailable and must be offline (no dm-crypt mapping or mounted
+filesystem).
+
+*WARNING*: The LUKS1 reencryption code is not resistant to hardware
+or kernel failures during reencryption (you can lose your data in this case).
+
+include::man/common_options.adoc[]
+
+== EXAMPLES
+
+*NOTE*: You may drop *--type luks2* option as long as LUKS2 format is
+default.
+
+=== LUKS2 ENCRYPTION EXAMPLES
+
+Encrypt LUKS2 device (in-place). Make sure last 32 MiB on _/dev/plaintext_
+is unused (e.g.: does not contain filesystem data):
+
+*cryptsetup reencrypt --encrypt --type luks2 --reduce-device-size 32m /dev/plaintext_device*
+
+Encrypt LUKS2 device (in-place) with detached header put in a file:
+
+*cryptsetup reencrypt --encrypt --type luks2 --header my_luks2_header /dev/plaintext_device*
+
+Initialize LUKS2 in-place encryption operation only and activate the device (not yet encrypted):
+
+*cryptsetup reencrypt --encrypt --type luks2 --init-only --reduce-device-size 32m /dev/plaintext_device my_future_luks_device*
+
+Resume online encryption on device initialized in example above:
+
+*cryptsetup reencrypt --resume-only /dev/plaintext_device* or
+*cryptsetup reencrypt --active-name my_future_luks_device*
+
+=== LUKS2 REENCRYPTION EXAMPLES
+
+Reencrypt LUKS2 device (refresh volume key only):
+
+*cryptsetup reencrypt /dev/encrypted_device*
+
+=== LUKS2 DECRYPTION EXAMPLES
+
+Decrypt LUKS2 device with header put in head of data device (header file does not exist):
+
+*cryptsetup reencrypt --decrypt --header /export/header/to/file /dev/encrypted_device*
+
+Decrypt LUKS2 device with detached header (header file exists):
+
+*cryptsetup reencrypt --decrypt --header detached-luks2-header /dev/encrypted_device*
+
+Resume interrupted LUKS2 decryption:
+
+*cryptsetup reencrypt --resume-only --header luks2-hdr-file /dev/encrypted_device*
+
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-refresh.8.adoc b/man/cryptsetup-refresh.8.adoc
new file mode 100644
index 0000000..b79a80a
--- /dev/null
+++ b/man/cryptsetup-refresh.8.adoc
@@ -0,0 +1,53 @@
+= cryptsetup-refresh(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_REFRESH:
+
+== Name
+
+cryptsetup-refresh - refresh parameters of an active mapping
+
+== SYNOPSIS
+
+*cryptsetup _refresh_ [<options>] <name>*
+
+== DESCRIPTION
+
+Refreshes parameters of active mapping <name>.
+
+Updates parameters of active device <name> without the need to deactivate
+the device (and umount filesystem). Currently, it supports parameters
+refresh on following devices: LUKS1, LUKS2 (including authenticated
+encryption), plain crypt and loop-AES.
+
+Mandatory parameters are identical to those of an open action for
+the respective device type.
+
+You may change following parameters on all devices
+--perf-same_cpu_crypt, --perf-submit_from_crypt_cpus,
+--perf-no_read_workqueue, --perf-no_write_workqueue and
+--allow-discards.
+
+Refreshing the device without any optional parameter will refresh the device
+with default setting (respective to device type).
+
+*LUKS2 only:*
+
+The --integrity-no-journal parameter affects only LUKS2 devices with
+the underlying dm-integrity device.
+
+Adding option --persistent stores any combination of device parameters
+above in LUKS2 metadata (only after successful refresh operation).
+
+The --disable-keyring parameter refreshes a device with volume key passed in
+dm-crypt driver.
+
+*<options>* can be [--allow-discards, --perf-same_cpu_crypt, --perf-submit_from_crypt_cpus,
+--perf-no_read_workqueue, --perf-no_write_workqueue, --header, --disable-keyring,
+--disable-locks, --persistent, --integrity-no-journal].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-repair.8.adoc b/man/cryptsetup-repair.8.adoc
new file mode 100644
index 0000000..22ad9cb
--- /dev/null
+++ b/man/cryptsetup-repair.8.adoc
@@ -0,0 +1,43 @@
+= cryptsetup-repair(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_REPAIR:
+
+== Name
+
+cryptsetup-repair - repair the device metadata
+
+== SYNOPSIS
+
+*cryptsetup _repair_ [<options>] <device>*
+
+== DESCRIPTION
+
+Tries to repair the device metadata if possible. Currently supported
+only for LUKS device type.
+
+This command is useful to fix some known benign LUKS metadata header
+corruptions. Only basic corruptions of unused keyslot are fixable. This
+command will only change the LUKS header, not any key-slot data. You may
+enforce LUKS version by adding --type option.
+
+It also repairs (upgrades) LUKS2 reencryption metadata by adding
+a metadata digest that protects it against malicious changes.
+
+If LUKS2 reencryption was interrupted in the middle of writing
+reencryption segment the repair command can be used to perform
+reencryption recovery so that reencryption can continue later.
+Repairing reencryption requires verification of reencryption
+keyslot so passphrase or keyfile is needed.
+
+*<options>* can be [--timeout, --verify-passphrase, --disable-locks,
+--type, --header, --key-file, --keyfile-size, --keyfile-offset, --key-slot].
+
+*WARNING:* Always create a binary backup of the original header before
+calling this command.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-resize.8.adoc b/man/cryptsetup-resize.8.adoc
new file mode 100644
index 0000000..4cff482
--- /dev/null
+++ b/man/cryptsetup-resize.8.adoc
@@ -0,0 +1,42 @@
+= cryptsetup-resize(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_RESIZE:
+
+== Name
+
+cryptsetup-resize - resize an active mapping
+
+== SYNOPSIS
+
+*cryptsetup _resize_ [<options>] <name>*
+
+== DESCRIPTION
+
+Resizes an active mapping <name>.
+
+If --size (in 512-bytes sectors) or --device-size are not specified, the
+size is computed from the underlying device. For LUKS it is the size of
+the underlying device without the area reserved for LUKS header (see
+data payload offset in *luksDump* command). For plain crypt device, the
+whole device size is used.
+
+Note that this does not change the raw device geometry, it just changes
+how many sectors of the raw device are represented in the mapped device.
+
+If cryptsetup detected volume key for active device loaded in kernel
+keyring service, resize action would first try to retrieve the key using
+a token. Only if it failed, it'd ask for a passphrase to unlock a
+keyslot (LUKS) or to derive a volume key again (plain mode). The kernel
+keyring is used by default for LUKS2 devices.
+
+*<options>* can be [--size, --device-size, --token-id, --token-only,
+--token-type, --key-slot, --key-file, --keyfile-size, --keyfile-offset,
+--timeout, --disable-external-tokens, --disable-locks, --disable-keyring,
+--verify-passphrase, --timeout].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-ssh.8.adoc b/man/cryptsetup-ssh.8.adoc
new file mode 100644
index 0000000..f71f856
--- /dev/null
+++ b/man/cryptsetup-ssh.8.adoc
@@ -0,0 +1,80 @@
+= cryptsetup-ssh(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup-ssh {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== NAME
+
+cryptsetup-ssh - manage LUKS2 SSH token
+
+== SYNOPSIS
+
+*cryptsetup-ssh <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+Experimental cryptsetup plugin for unlocking LUKS2 devices with token
+connected to an SSH server.
+
+This plugin currently allows only adding a token to an existing key
+slot. See *cryptsetup(8)* for instructions on how to remove, import or
+export the token.
+
+=== Add operation
+
+*add <options> <device>*
+
+Adds the SSH token to *<device>*.
+
+The specified SSH server must contain a key file on the specified path with
+a passphrase for an existing key slot on the device. Provided
+credentials will be used by cryptsetup to get the password when opening
+the device using the token.
+
+Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are
+required for this operation.
+
+== OPTIONS
+
+**--key-slot**=_NUM_::
+Keyslot to assign the token to. If not specified, the token will be
+assigned to the first key slot matching provided passphrase.
+
+**--ssh-keypath**=_STRING_::
+Path to the SSH key for connecting to the remote server.
+
+**--ssh-path**=_STRING_::
+Path to the key file on the remote server.
+
+**--ssh-server**=_STRING_::
+IP address/URL of the remote server for this token.
+
+**--ssh-user**=_STRING_::
+Username used for the remote server.
+
+*--debug*::
+Show debug messages
+
+*--debug-json*::
+Show debug messages including JSON metadata
+
+*--verbose, -v*::
+Shows more detailed error messages
+
+*--help, -?*::
+Show help
+
+*--version, -V*::
+Print program version
+
+== NOTES
+
+The information provided when adding the token (SSH server address, user
+and paths) will be stored in the LUKS2 header in plaintext.
+
+== AUTHORS
+
+The cryptsetup-ssh tool is written by Vojtech Trefny.
+
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-status.8.adoc b/man/cryptsetup-status.8.adoc
new file mode 100644
index 0000000..1152f55
--- /dev/null
+++ b/man/cryptsetup-status.8.adoc
@@ -0,0 +1,24 @@
+= cryptsetup-status(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_STATUS:
+
+== Name
+
+cryptsetup-status - report the status for a mapping
+
+== SYNOPSIS
+
+*cryptsetup _status_ [<options>] <name>*
+
+== DESCRIPTION
+
+Reports the status for the mapping <name>.
+
+*<options>* can be [--header, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-tcryptDump.8.adoc b/man/cryptsetup-tcryptDump.8.adoc
new file mode 100644
index 0000000..51d5041
--- /dev/null
+++ b/man/cryptsetup-tcryptDump.8.adoc
@@ -0,0 +1,37 @@
+= cryptsetup-tcryptDump(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_TCRYPTDUMP:
+
+== Name
+
+cryptsetup-tcryptDump - dump the header information of a TCRYPT (TrueCrypt or VeraCrypt compatible) device
+
+== SYNOPSIS
+
+*cryptsetup _tcryptDump_ [<options>] <device>*
+
+== DESCRIPTION
+
+Dump the header information of a TCRYPT (TrueCrypt or VeraCrypt compatible) device.
+
+If the --dump-volume-key option is used, the TCRYPT device volume key is
+dumped instead of TCRYPT header info. Beware that the volume key (or
+concatenated volume keys if cipher chain is used) can be used to decrypt
+the data stored in the TCRYPT container without a passphrase. This means
+that if the volume key is compromised, the whole device has to be erased
+to prevent further access. Use this option carefully.
+
+*<options>* can be [--dump-volume-key, --key-file, --tcrypt-hidden,
+--tcrypt-system, --tcrypt-backup, --veracrypt (ignored), --disable-veracrypt,
+--veracrypt-pim, --veracrypt-query-pim, --cipher, --hash, --header,
+--verify-passphrase, --timeout].
+
+The keyfile parameter allows a combination of file content with the
+passphrase and can be repeated.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup-token.8.adoc b/man/cryptsetup-token.8.adoc
new file mode 100644
index 0000000..7a3a069
--- /dev/null
+++ b/man/cryptsetup-token.8.adoc
@@ -0,0 +1,55 @@
+= cryptsetup-token(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_TOKEN:
+
+== Name
+
+cryptsetup-token - manage LUKS2 tokens
+
+== SYNOPSIS
+
+*cryptsetup _token_ <add|remove|import|export|unassign> [<options>] <device>*
+
+== DESCRIPTION
+
+Action _add_ creates a new keyring token to enable auto-activation of the
+device. For the auto-activation, the passphrase must be stored in
+keyring with the specified description. Usually, the passphrase should
+be stored in _user_ or _user-session_ keyring. The _token_ command is
+supported only for LUKS2.
+
+For adding new keyring token, option --key-description is mandatory.
+Also, new token is assigned to key slot specified with --key-slot option
+or to all active key slots in the case --key-slot option is omitted.
+
+To remove existing token, specify the token ID which should be removed
+with --token-id option.
+
+*WARNING:* The action _token remove_ removes any token type, not just
+_keyring_ type from token slot specified by --token-id option.
+
+Action _import_ can store arbitrary valid token json in LUKS2 header. It
+may be passed via standard input or via file passed in --json-file
+option. If you specify --key-slot then successfully imported token is
+also assigned to the key slot.
+
+Action _export_ writes requested token JSON to a file passed with
+--json-file or to standard output.
+
+Action _unassign_ removes token binding to specified keyslot. Both token
+and keyslot must be specified by --token-id and --key-slot parameters.
+
+If --token-id is used with action _add_ or action _import_ and a token
+with that ID already exists, option --token-replace can be used to
+replace the existing token.
+
+*<options>* can be [--header, --token-id, --key-slot, --key-description,
+--disable-external-tokens, --disable-locks, --disable-keyring,
+--json-file, --token-replace, --unbound].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
diff --git a/man/cryptsetup.8 b/man/cryptsetup.8
deleted file mode 100644
index b9082ee..0000000
--- a/man/cryptsetup.8
+++ /dev/null
@@ -1,1777 +0,0 @@
-.TH CRYPTSETUP "8" "January 2021" "cryptsetup" "Maintenance Commands"
-.SH NAME
-cryptsetup - manage plain dm-crypt and LUKS encrypted volumes
-.SH SYNOPSIS
-.B cryptsetup <options> <action> <action args>
-.SH DESCRIPTION
-.PP
-cryptsetup is used to conveniently setup dm-crypt managed
-device-mapper mappings. These include plain dm-crypt volumes and
-LUKS volumes. The difference is that LUKS uses a metadata header
-and can hence offer more features than plain dm-crypt. On the other
-hand, the header is visible and vulnerable to damage.
-
-In addition, cryptsetup provides limited support for the use of
-loop-AES volumes, TrueCrypt, VeraCrypt and BitLocker compatible volumes.
-
-.SH PLAIN DM-CRYPT OR LUKS?
-.PP
-Unless you understand the cryptographic background well, use LUKS.
-With plain dm-crypt there are a number of possible user errors
-that massively decrease security. While LUKS cannot fix them
-all, it can lessen the impact for many of them.
-.SH WARNINGS
-.PP
-A lot of good information on the risks of using encrypted storage,
-on handling problems and on security aspects can be found in the
-\fICryptsetup FAQ\fR. Read it. Nonetheless, some risks deserve
-to be mentioned here.
-
-\fBBackup:\fR Storage media die. Encryption has no influence on that.
-Backup is mandatory for encrypted data as well, if the data has any
-worth. See the Cryptsetup FAQ for advice on how to do a backup of an
-encrypted volume.
-
-\fBCharacter encoding:\fR If you enter a
-passphrase with special symbols, the passphrase can change
-depending on character encoding. Keyboard settings can also change,
-which can make blind input hard or impossible. For
-example, switching from some ASCII 8-bit variant to UTF-8
-can lead to a different binary encoding and hence different
-passphrase seen by cryptsetup, even if what you see on
-the terminal is exactly the same. It is therefore highly
-recommended to select passphrase characters only from 7-bit
-ASCII, as the encoding for 7-bit ASCII stays the same for
-all ASCII variants and UTF-8.
-
-\fBLUKS header:\fR If the header of a LUKS volume gets damaged,
-all data is permanently lost unless you have a header-backup.
-If a key-slot is damaged, it can only be restored from a header-backup
-or if another active key-slot with known passphrase is undamaged.
-Damaging the LUKS header is something people manage to do with
-surprising frequency. This risk is the result of a trade-off
-between security and safety, as LUKS is designed for fast and
-secure wiping by just overwriting header and key-slot area.
-
-\fBPreviously used partitions:\fR If a partition was previously used,
-it is a very good idea to wipe filesystem signatures, data, etc. before
-creating a LUKS or plain dm-crypt container on it.
-For a quick removal of filesystem signatures, use "wipefs". Take care
-though that this may not remove everything. In particular, MD RAID
-signatures at the end of a device may survive. It also does not
-remove data. For a full wipe, overwrite the whole partition before
-container creation. If you do not know how to do that, the
-cryptsetup FAQ describes several options.
-
-.SH BASIC ACTIONS
-The following are valid actions for all supported device types.
-
-\fIopen\fR <device> <name> \-\-type <device_type>
-.IP
-Opens (creates a mapping with) <name> backed by device <device>.
-
-Device type can be \fIplain\fR, \fIluks\fR (default), \fIluks1\fR, \fIluks2\fR,
-\fIloopaes\fR or \fItcrypt\fR.
-
-For backward compatibility there are \fBopen\fR command aliases:
-
-\fBcreate\fR (argument-order <name> <device>): open \-\-type plain
-.br
-\fBplainOpen\fR: open \-\-type plain
-.br
-\fBluksOpen\fR: open \-\-type luks
-.br
-\fBloopaesOpen\fR: open \-\-type loopaes
-.br
-\fBtcryptOpen\fR: open \-\-type tcrypt
-.br
-\fBbitlkOpen\fR: open \-\-type bitlk
-
-\fB<options>\fR are type specific and are described below
-for individual device types. For \fBcreate\fR, the order of the <name>
-and <device> options is inverted for historical reasons, all other
-aliases use the standard \fB<device> <name>\fR order.
-.PP
-\fIclose\fR <name>
-.IP
-Removes the existing mapping <name> and wipes the key from kernel memory.
-
-For backward compatibility there are \fBclose\fR command aliases:
-\fBremove\fR, \fBplainClose\fR, \fBluksClose\fR, \fBloopaesClose\fR,
-\fBtcryptClose\fR (all behaves exactly the same, device type is
-determined automatically from active device).
-
-\fB<options>\fR can be [\-\-deferred]
-
-.PP
-\fIstatus\fR <name>
-.IP
-Reports the status for the mapping <name>.
-.PP
-\fIresize\fR <name>
-.IP
-Resizes an active mapping <name>.
-
-If \-\-size (in 512-bytes sectors) or \-\-device\-size are not specified,
-the size is computed from the underlying device. For LUKS it is the size
-of the underlying device without the area reserved for LUKS header
-(see data payload offset in \fBluksDump\fR command).
-For plain crypt device, the whole device size is used.
-
-Note that this does not change the raw device geometry, it just
-changes how many sectors of the raw device are represented
-in the mapped device.
-
-If cryptsetup detected volume key for active device loaded in kernel keyring
-service, resize action would first try to retrieve
-the key using a token and only if it failed it'd ask for a passphrase
-to unlock a keyslot (LUKS) or to derive a volume key again (plain mode).
-The kernel keyring is used by default for LUKS2 devices.
-
-With LUKS2 device additional \fB<options>\fR can be [\-\-token\-id, \-\-token\-only,
-\-\-key\-slot, \-\-key\-file, \-\-keyfile\-size, \-\-keyfile\-offset, \-\-timeout,
-\-\-disable\-locks, \-\-disable\-keyring].
-
-.PP
-\fIrefresh\fR <name>
-.IP
-Refreshes parameters of active mapping <name>.
-
-Updates parameters of active device <name> without need to deactivate the device
-(and umount filesystem). Currently it supports parameters refresh on following
-devices: LUKS1, LUKS2 (including authenticated encryption), plain crypt
-and loopaes.
-
-Mandatory parameters are identical to those of an open action for respective
-device type.
-
-You may change following parameters on all devices \-\-perf\-same_cpu_crypt,
-\-\-perf\-submit_from_crypt_cpus, \-\-perf-no_read_workqueue, \-\-perf-no_write_workqueue
-and \-\-allow\-discards.
-
-Refreshing device without any optional parameter will refresh the device
-with default setting (respective to device type).
-
-\fBLUKS2 only:\fR
-
-\-\-integrity\-no\-journal parameter affects only LUKS2 devices with
-underlying dm-integrity device.
-
-Adding option \-\-persistent stores any combination of device parameters
-above in LUKS2 metadata (only after successful refresh operation).
-
-\-\-disable\-keyring parameter refreshes a device with volume key passed
-in dm-crypt driver.
-
-.PP
-\fIreencrypt\fR <device> or --active-name <name> [<new_name>]
-.IP
-Run resilient reencryption (LUKS2 device only).
-
-There are 3 basic modes of operation:
-
-\(bu device reencryption (\fIreencrypt\fR)
-
-\(bu device encryption (\fIreencrypt\fR \-\-encrypt)
-
-\(bu device decryption (\fIreencrypt\fR \-\-decrypt)
-
-<device> or --active-name <name> is mandatory parameter.
-
-With <device> parameter cryptsetup looks up active <device> dm mapping.
-If no active mapping is detected, it starts offline reencryption otherwise online
-reencryption takes place.
-
-Reencryption process may be safely interrupted by a user via SIGTERM signal (ctrl+c).
-
-To resume already initialized or interrupted reencryption, just run the cryptsetup
-\fIreencrypt\fR command again to continue the reencryption operation.
-Reencryption may be resumed with different \-\-resilience or \-\-hotzone\-size unless
-implicit datashift resilience mode is used (reencrypt \-\-encrypt with \-\-reduce-device-size
-option).
-
-If the reencryption process was interrupted abruptly (reencryption process crash, system crash, poweroff)
-it may require recovery. The recovery is currently run automatically on next activation (action \fIopen\fR)
-when needed.
-
-Optional parameter <new_name> takes effect only with \-\-encrypt option and it activates device <new_name>
-immediately after encryption initialization gets finished. That's useful when device needs to be ready
-as soon as possible and mounted (used) before full data area encryption is completed.
-
-Action supports following additional \fB<options>\fR [\-\-encrypt, \-\-decrypt, \-\-device\-size,
-\-\-resilience, \-\-resilience-hash, \-\-hotzone-size, \-\-init\-only, \-\-resume\-only,
-\-\-reduce\-device\-size, \-\-master\-key\-file, \-\-key\-size].
-
-.SH PLAIN MODE
-Plain dm-crypt encrypts the device sector-by-sector with a
-single, non-salted hash of the passphrase. No checks
-are performed, no metadata is used. There is no formatting operation.
-When the raw device is mapped (opened), the usual device operations
-can be used on the mapped device, including filesystem creation.
-Mapped devices usually reside in /dev/mapper/<name>.
-
-The following are valid plain device type actions:
-
-\fIopen\fR \-\-type plain <device> <name>
-.br
-\fIcreate\fR <name> <device> (\fBOBSOLETE syntax\fR)
-.IP
-Opens (creates a mapping with) <name> backed by device <device>.
-
-\fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify-passphrase,
-\-\-sector\-size, \-\-key-file, \-\-keyfile-offset, \-\-key-size,
-\-\-offset, \-\-skip, \-\-size, \-\-readonly, \-\-shared, \-\-allow\-discards,
-\-\-refresh]
-
-Example: 'cryptsetup open \-\-type plain /dev/sda10 e1' maps the raw
-encrypted device /dev/sda10 to the mapped (decrypted) device
-/dev/mapper/e1, which can then be mounted, fsck-ed or have a
-filesystem created on it.
-.SH LUKS EXTENSION
-LUKS, the Linux Unified Key Setup, is a standard for disk encryption.
-It adds a standardized header at the start of the device,
-a key-slot area directly behind the header and the bulk
-data area behind that. The whole set is called a 'LUKS container'.
-The device that a LUKS container resides on is called a 'LUKS device'.
-For most purposes, both terms can be used interchangeably. But
-note that when the LUKS header is at a nonzero offset
-in a device, then the device is not a LUKS device anymore, but
-has a LUKS container stored in it at an offset.
-
-LUKS can manage multiple passphrases that can be individually revoked
-or changed and that can be securely scrubbed from persistent
-media due to the use of anti-forensic stripes. Passphrases
-are protected against brute-force and dictionary
-attacks by PBKDF2, which implements hash iteration and salting
-in one function.
-
-LUKS2 is a new version of header format that allows additional
-extensions like different PBKDF algorithm or authenticated encryption.
-You can format device with LUKS2 header if you specify
-\fI\-\-type luks2\fR in \fIluksFormat\fR command.
-For activation, the format is already recognized automatically.
-
-Each passphrase, also called a
-.B key
-in this document, is associated with one of 8 key-slots.
-Key operations that do not specify a slot affect the first slot
-that matches the supplied passphrase or the first empty slot if
-a new passphrase is added.
-
-The \fB<device>\fR parameter can also be specified by a LUKS UUID in the
-format UUID=<uuid>. Translation to real device name uses symlinks
-in /dev/disk/by-uuid directory.
-
-To specify a detached header, the \fB\-\-header\fR parameter can be used
-in all LUKS commands and always takes precedence over the positional
-\fB<device>\fR parameter.
-
-The following are valid LUKS actions:
-
-\fIluksFormat\fR <device> [<key file>]
-.IP
-Initializes a LUKS partition and sets the initial passphrase
-(for key-slot 0),
-either via prompting or via <key file>. Note that
-if the second argument is present, then the passphrase
-is taken from the file given there, without the need
-to use the \-\-key-file option. Also note that for both forms
-of reading the passphrase from a file you can
-give '-' as file name, which results in the passphrase being read
-from stdin and the safety-question being skipped.
-
-You cannot call luksFormat on a device or filesystem that is mapped or in use,
-e.g. mounted filesysem, used in LVM, active RAID member etc.
-The device or filesystem has to be un-mounted in order to call luksFormat.
-
-To use LUKS2, specify \fI\-\-type luks2\fR.
-
-\fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify\-passphrase,
-\-\-key\-size, \-\-key\-slot,
-\-\-key\-file (takes precedence over optional second argument),
-\-\-keyfile\-offset, \-\-keyfile\-size, \-\-use\-random | \-\-use\-urandom,
-\-\-uuid, \-\-master\-key\-file, \-\-iter\-time, \-\-header,
-\-\-pbkdf\-force\-iterations,
-\-\-force\-password, \-\-disable-locks].
-
-For LUKS2, additional \fB<options>\fR can be
-[\-\-integrity, \-\-integrity\-no\-wipe, \-\-sector\-size,
-\-\-label, \-\-subsystem,
-\-\-pbkdf, \-\-pbkdf\-memory, \-\-pbkdf\-parallel,
-\-\-disable\-locks, \-\-disable\-keyring,
-\-\-luks2\-metadata\-size, \-\-luks2\-keyslots\-size,
-\-\-keyslot\-cipher, \-\-keyslot\-key\-size].
-
-\fBWARNING:\fR Doing a luksFormat on an existing LUKS container will
-make all data the old container permanently irretrievable unless
-you have a header backup.
-.PP
-\fIopen\fR \-\-type luks <device> <name>
-.br
-\fIluksOpen\fR <device> <name> (\fBold syntax\fR)
-.IP
-Opens the LUKS device <device> and sets up a mapping <name> after
-successful verification of the supplied passphrase.
-
-First, the passphrase is searched in LUKS tokens. If it's not
-found in any token and also the passphrase is not supplied via \-\-key-file,
-the command prompts for it interactively.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase,
-\-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file, \-\-token\-id,
-\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks, \-\-type, \-\-refresh,
-\-\-serialize\-memory\-hard\-pbkdf].
-.PP
-\fIluksSuspend\fR <name>
-.IP
-Suspends an active device (all IO operations will block
-and accesses to the device will wait indefinitely)
-and wipes the encryption
-key from kernel memory. Needs kernel 2.6.19 or later.
-
-After this operation you have to use \fIluksResume\fR to reinstate
-the encryption key and unblock the device or \fIclose\fR to remove
-the mapped device.
-
-\fBWARNING:\fR never suspend the device on which the cryptsetup binary resides.
-
-\fB<options>\fR can be [\-\-header, \-\-disable\-locks].
-.PP
-\fIluksResume\fR <name>
-.IP
-Resumes a suspended device and reinstates the encryption key.
-Prompts interactively for a passphrase if \-\-key-file is not given.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-size, \-\-header,
-\-\-disable\-keyring, \-\-disable\-locks, \-\-type]
-.PP
-\fIluksAddKey\fR <device> [<key file with new key>]
-.IP
-Adds a new passphrase. An existing passphrase must be supplied
-interactively or via \-\-key-file.
-The new passphrase to be added can be specified interactively
-or read from the file given as positional argument.
-
-\fBNOTE:\fR with \-\-unbound option the action creates new unbound
-LUKS2 keyslot. The keyslot cannot be used for device activation.
-If you don't pass new key via \-\-master\-key\-file option,
-new random key is generated. Existing passphrase for any active keyslot
-is not required.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-new\-keyfile\-offset,
-\-\-new\-keyfile\-size, \-\-key\-slot, \-\-master\-key\-file,
-\-\-force\-password, \-\-header, \-\-disable\-locks,
-\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations,
-\-\-unbound, \-\-type, \-\-keyslot\-cipher, \-\-keyslot\-key\-size].
-.PP
-\fIluksRemoveKey\fR <device> [<key file with passphrase to be removed>]
-.IP
-Removes the supplied passphrase from the LUKS device. The
-passphrase to be removed can be specified interactively,
-as the positional argument or via \-\-key-file.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-header, \-\-disable\-locks, \-\-type]
-
-\fBWARNING:\fR If you read the passphrase from stdin
-(without further argument or with '-' as an argument
-to \-\-key\-file), batch-mode (\-q) will be implicitly
-switched on and no warning will be given when you remove the
-last remaining passphrase from a LUKS container. Removing
-the last passphrase makes the LUKS container permanently
-inaccessible.
-.PP
-\fIluksChangeKey\fR <device> [<new key file>]
-.IP
-Changes an existing passphrase. The passphrase
-to be changed must be supplied interactively or via \-\-key\-file.
-The new passphrase can be supplied interactively or in
-a file given as positional argument.
-
-If a key-slot is specified (via \-\-key-slot), the passphrase
-for that key-slot must be given and the new passphrase
-will overwrite the specified key-slot. If no key-slot
-is specified and there is still a free key-slot, then
-the new passphrase will be put into a free key-slot before the
-key-slot containing the old passphrase is purged. If there is
-no free key-slot, then the key-slot with the old passphrase is
-overwritten directly.
-
-\fBWARNING:\fR If a key-slot is overwritten, a media failure
-during this operation can cause the overwrite to fail after
-the old passphrase has been wiped and make the LUKS container
-inaccessible.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-new\-keyfile\-offset,
-\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations,
-\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password, \-\-header,
-\-\-disable\-locks, \-\-type, \-\-keyslot\-cipher, \-\-keyslot\-key\-size].
-.PP
-.PP
-\fIluksConvertKey\fR <device>
-.IP
-Converts an existing LUKS2 keyslot to new pbkdf parameters. The
-passphrase for keyslot to be converted must be supplied interactively
-or via \-\-key\-file. If no \-\-pbkdf parameters are specified LUKS2
-default pbkdf values will apply.
-
-If a keyslot is specified (via \-\-key\-slot), the passphrase for that
-keyslot must be given. If no keyslot is specified and there is still
-a free keyslot, then the new parameters will be put into a free
-keyslot before the keyslot containing the old parameters is
-purged. If there is no free keyslot, then the keyslot with the old
-parameters is overwritten directly.
-
-\fBWARNING:\fR If a keyslot is overwritten, a media failure during
-this operation can cause the overwrite to fail after the old
-parameters have been wiped and make the LUKS container inaccessible.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-key\-slot, \-\-header, \-\-disable\-locks,
-\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations,
-\-\-pbkdf\-memory, \-\-pbkdf\-parallel,
-\-\-keyslot\-cipher, \-\-keyslot\-key\-size].
-.PP
-\fIluksKillSlot\fR <device> <key slot number>
-.IP
-Wipe the key-slot number <key slot> from the LUKS device. Except running
-in batch-mode (\-q) a remaining passphrase must be supplied,
-either interactively or via \-\-key-file.
-This command can remove the last remaining key-slot, but requires
-an interactive confirmation when doing so. Removing the last
-passphrase makes a LUKS container permanently inaccessible.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-header, \-\-disable\-locks, \-\-type].
-
-\fBWARNING:\fR If you read the passphrase from stdin
-(without further argument or with '-' as an argument
-to \-\-key-file), batch-mode (\-q) will be implicitly
-switched on and no warning will be given when you remove the
-last remaining passphrase from a LUKS container. Removing
-the last passphrase makes the LUKS container permanently
-inaccessible.
-
-\fBNOTE:\fR If there is no passphrase provided (on stdin or through
-\-\-key-file argument) and batch-mode (\-q) is active, the
-key-slot is removed without any other warning.
-
-.PP
-\fIerase\fR <device>
-.br
-\fIluksErase\fR <device>
-.IP
-Erase all keyslots and make the LUKS container permanently inaccessible.
-You do not need to provide any password for this operation.
-
-\fBWARNING:\fR This operation is irreversible.
-.PP
-\fIluksUUID\fR <device>
-.IP
-Print the UUID of a LUKS device.
-.br
-Set new UUID if \fI\-\-uuid\fR option is specified.
-.PP
-\fIisLuks\fR <device>
-.IP
-Returns true, if <device> is a LUKS device, false otherwise.
-Use option \-v to get human-readable feedback. 'Command successful.'
-means the device is a LUKS device.
-
-By specifying \-\-type you may query for specific LUKS version.
-.PP
-\fIluksDump\fR <device>
-.IP
-Dump the header information of a LUKS device.
-
-If the \-\-dump\-master\-key option is used, the LUKS device master key is
-dumped instead of the keyslot info. Together with \-\-master\-key\-file option,
-master key is dumped to a file instead of standard output. Beware that the
-master key cannot be changed without reencryption and can be used to decrypt
-the data stored in the LUKS container without a passphrase and even without the
-LUKS header. This means that if the master key is compromised, the whole device
-has to be erased or reencrypted to prevent further access. Use this option carefully.
-
-To dump the master key, a passphrase has to be supplied,
-either interactively or via \-\-key\-file.
-
-To dump unbound key (LUKS2 format only), \-\-unbound parameter, specific \-\-key-slot
-id and proper passphrase has to be supplied, either interactively or via \-\-key\-file.
-Optional \-\-master\-key\-file parameter enables unbound keyslot dump to a file.
-
-\fB<options>\fR can be [\-\-dump\-master\-key, \-\-key\-file,
-\-\-keyfile\-offset, \-\-keyfile\-size, \-\-header, \-\-disable\-locks,
-\-\-master\-key\-file, \-\-type, \-\-unbound, \-\-key-slot].
-
-\fBWARNING:\fR If \-\-dump\-master\-key is used with \-\-key\-file
-and the argument to \-\-key\-file is '-', no validation question
-will be asked and no warning given.
-.PP
-\fIluksHeaderBackup\fR <device> \-\-header\-backup\-file <file>
-.IP
-Stores a binary backup of the LUKS header and keyslot area.
-.br
-Note: Using '-' as filename writes the header backup to a file named '-'.
-
-\fBWARNING:\fR This backup file and a passphrase valid
-at the time of backup allows decryption of the
-LUKS data area, even if the passphrase was later changed or
-removed from the LUKS device. Also note that with a header
-backup you lose the ability to securely wipe the LUKS
-device by just overwriting the header and key-slots. You
-either need to securely erase all header backups in
-addition or overwrite the encrypted data area as well.
-The second option is less secure, as some sectors
-can survive, e.g. due to defect management.
-.PP
-\fIluksHeaderRestore\fR <device> \-\-header\-backup\-file <file>
-.IP
-Restores a binary backup of the LUKS header and keyslot area
-from the specified file.
-.br
-Note: Using '-' as filename reads the header backup from a file named '-'.
-
-\fBWARNING:\fR Header and keyslots will be replaced, only
-the passphrases from the backup will work afterward.
-
-This command requires that the master key size and data offset
-of the LUKS header already on the device and of the header backup
-match. Alternatively, if there is no LUKS header on the device,
-the backup will also be written to it.
-.PP
-\fItoken\fR <add|remove|import|export> <device>
-.IP
-Action \fIadd\fR creates new keyring token to enable auto-activation of the device.
-For the auto-activation, the passphrase must be stored in keyring with the specified
-description. Usually, the passphrase should be stored in \fIuser\fR or
-\fIuser-session\fR keyring.
-The \fItoken\fR command is supported only for LUKS2.
-
-For adding new keyring token, option \-\-key\-description is mandatory.
-Also, new token is assigned to key slot specified with \-\-key\-slot option or to all
-active key slots in the case \-\-key\-slot option is omitted.
-
-To remove existing token, specify the token ID which should be removed with
-\-\-token\-id option.
-
-\fBWARNING:\fR The action \fItoken remove\fR removes any token type, not just \fIkeyring\fR
-type from token slot specified by \-\-token\-id option.
-
-Action \fIimport\fR can store arbitrary valid token json in LUKS2 header. It may be passed via
-standard input or via file passed in \-\-json\-file option. If you specify \-\-key\-slot then
-successfully imported token is also assigned to the key slot.
-
-Action \fIexport\fR writes requested token json to a file passed with \-\-json\-file or
-to standard output.
-
-\fB<options>\fR can be [\-\-header, \-\-token\-id, \-\-key\-slot, \-\-key\-description,
-\-\-disable\-locks, \-\-disable\-keyring, \-\-json\-file].
-.PP
-\fIconvert\fR <device> \-\-type <format>
-.IP
-Converts the device between LUKS1 and LUKS2 format (if possible).
-The conversion will not be performed if there is an additional LUKS2 feature or LUKS1 has
-unsupported header size.
-
-Conversion (both directions) must be performed on inactive device. There must not be active
-dm-crypt mapping established for LUKS header requested for conversion.
-
-\fB\-\-type\fR option is mandatory with following accepted values: \fIluks1\fR or \fIluks2\fR.
-
-\fBWARNING:\fR The \fIconvert\fR action can destroy the LUKS header in the case of a crash
-during conversion or if a media error occurs.
-Always create a header backup before performing this operation!
-
-\fB<options>\fR can be [\-\-header, \-\-type].
-.PP
-\fIconfig\fR <device>
-.IP
-Set permanent configuration options (store to LUKS header).
-The \fIconfig\fR command is supported only for LUKS2.
-
-The permanent options can be \fI\-\-priority\fR to set priority (normal, prefer, ignore)
-for keyslot (specified by \fI\-\-key\-slot\fR) or \fI\-\-label\fR and \fI\-\-subsystem\fR.
-
-\fB<options>\fR can be [\-\-priority, \-\-label, \-\-subsystem, \-\-key\-slot, \-\-header].
-
-.SH loop-AES EXTENSION
-cryptsetup supports mapping loop-AES encrypted partition using
-a compatibility mode.
-.PP
-\fIopen\fR \-\-type loopaes <device> <name> \-\-key\-file <keyfile>
-.br
-\fIloopaesOpen\fR <device> <name> \-\-key\-file <keyfile>  (\fBold syntax\fR)
-.IP
-Opens the loop-AES <device> and sets up a mapping <name>.
-
-If the key file is encrypted with GnuPG, then you have to use
-\-\-key\-file=\- and decrypt it before use, e.g. like this:
-.br
-gpg \-\-decrypt <keyfile> | cryptsetup loopaesOpen \-\-key\-file=\-
-<device> <name>
-
-\fBWARNING:\fR The loop-AES extension cannot use the direct input of key file
-on real terminal because the keys are separated by end-of-line and only part
-of the multi-key file would be read.
-.br
-If you need it in script, just use the pipe redirection:
-.br
-echo $keyfile | cryptsetup loopaesOpen \-\-key\-file=\- <device> <name>
-
-Use \fB\-\-keyfile\-size\fR to specify the proper key length if needed.
-
-Use \fB\-\-offset\fR to specify device offset. Note that the units
-need to be specified in number of 512 byte sectors.
-
-Use \fB\-\-skip\fR to specify the IV offset. If the original device
-used an offset and but did not use it in IV sector calculations,
-you have to explicitly use \fB\-\-skip 0\fR in addition to the offset
-parameter.
-
-Use \fB\-\-hash\fR to override the default hash function for
-passphrase hashing (otherwise it is detected according to key
-size).
-
-\fB<options>\fR can be [\-\-key\-file, \-\-key\-size, \-\-offset, \-\-skip,
-\-\-hash, \-\-readonly, \-\-allow\-discards, \-\-refresh].
-.PP
-See also section 7 of the FAQ and \fBhttp://loop-aes.sourceforge.net\fR
-for more information regarding loop-AES.
-.SH TCRYPT (TrueCrypt-compatible and VeraCrypt) EXTENSION
-cryptsetup supports mapping of TrueCrypt, tcplay or VeraCrypt
-(with \fB\-\-veracrypt\fR option) encrypted partition
-using a native Linux kernel API.
-Header formatting and TCRYPT header change is not supported, cryptsetup
-never changes TCRYPT header on-device.
-
-TCRYPT extension requires kernel userspace
-crypto API to be available (introduced in Linux kernel 2.6.38).
-If you are configuring kernel yourself, enable
-"User-space interface for symmetric key cipher algorithms" in
-"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option).
-
-Because TCRYPT header is encrypted, you have to always provide valid
-passphrase and keyfiles.
-
-Cryptsetup should recognize all header variants, except legacy cipher chains
-using LRW encryption mode with 64 bits encryption block (namely Blowfish
-in LRW mode is not recognized, this is limitation of kernel crypto API).
-
-To recognize a VeraCrypt device use the \fB\-\-veracrypt\fR option.
-VeraCrypt is just extension of TrueCrypt header with increased
-iteration count so unlocking can take quite a lot of time (in comparison
-with TCRYPT device).
-
-To open a VeraCrypt device with a custom Personal Iteration Multiplier (PIM)
-value, \fBadditionally to \-\-veracrypt \fR use either the
-\fB\-\-veracrypt\-pim=<PIM>\fR option to directly specify the PIM on the command-
-line or use \fB\-\-veracrypt\-query\-pim\fR to be prompted for the PIM.
-
-The PIM value affects the number of iterations applied during key derivation. Please refer to
-\fBhttps://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20%28PIM%29.html\fR
-for more detailed information.
-
-\fBNOTE:\fR Activation with \fBtcryptOpen\fR is supported only for cipher chains
-using LRW or XTS encryption modes.
-
-The \fBtcryptDump\fR command should work for all recognized TCRYPT devices
-and doesn't require superuser privilege.
-
-To map system device (device with boot loader where the whole encrypted
-system resides) use \fB\-\-tcrypt\-system\fR option.
-You can use partition device as the parameter (parameter must be real partition
-device, not an image in a file), then only this partition is mapped.
-
-If you have the whole TCRYPT device as a file image and you want to map multiple
-partition encrypted with system encryption, please create loopback mapping
-with partitions first (\fBlosetup \-P\fR, see \fPlosetup(8)\fR man page for more info),
-and use loop partition as the device parameter.
-
-If you use the whole base device as a parameter, one device for the whole system
-encryption is mapped. This mode is available only for backward compatibility
-with older cryptsetup versions which mapped TCRYPT system encryption
-using the whole device.
-
-To use hidden header (and map hidden device, if available),
-use \fB\-\-tcrypt\-hidden\fR option.
-
-To explicitly use backup (secondary) header, use \fB\-\-tcrypt\-backup\fR
-option.
-
-\fBNOTE:\fR There is no protection for a hidden volume if
-the outer volume is mounted. The reason is that if there
-were any protection, it would require some metadata describing
-what to protect in the outer volume and the hidden volume would
-become detectable.
-
-.PP
-\fIopen\fR \-\-type tcrypt <device> <name>
-.br
-\fItcryptOpen\fR <device> <name>  (\fBold syntax\fR)
-.IP
-Opens the TCRYPT (a TrueCrypt-compatible) <device> and sets up
-a mapping <name>.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-tcrypt\-hidden,
-\-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase,
-\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim,
-\-\-header].
-
-The keyfile parameter allows a combination of file content with the
-passphrase and can be repeated. Note that using keyfiles is compatible
-with TCRYPT and is different from LUKS keyfile logic.
-
-If you use \fB\-\-header\fR in combination with hidden or system options,
-the header file must contain specific headers on the same positions as the original
-encrypted container.
-
-\fBWARNING:\fR Option \fB\-\-allow\-discards\fR cannot be combined with
-option \fB\-\-tcrypt\-hidden\fR. For normal mapping, it can cause
-the \fBdestruction of hidden volume\fR (hidden volume appears as unused space
-for outer volume so this space can be discarded).
-
-.PP
-\fItcryptDump\fR <device>
-.IP
-Dump the header information of a TCRYPT device.
-
-If the \-\-dump\-master\-key option is used, the TCRYPT device master key
-is dumped instead of TCRYPT header info. Beware that the master key
-(or concatenated master keys if cipher chain is used)
-can be used to decrypt the data stored in the TCRYPT container without
-a passphrase.
-This means that if the master key is compromised, the whole device has
-to be erased to prevent further access. Use this option carefully.
-
-\fB<options>\fR can be [\-\-dump\-master\-key, \-\-key\-file,
-\-\-tcrypt\-hidden, \-\-tcrypt\-system, \-\-tcrypt\-backup].
-
-The keyfile parameter allows a combination of file content with the
-passphrase and can be repeated.
-.PP
-See also \fBhttps://en.wikipedia.org/wiki/TrueCrypt\fR for more information regarding
-TrueCrypt.
-
-Please note that cryptsetup does not use TrueCrypt code, please report
-all problems related to this compatibility extension to the cryptsetup project.
-
-.SH BITLK (Windows BitLocker-compatible) EXTENSION (EXPERIMENTAL)
-cryptsetup supports mapping of BitLocker and BitLocker to Go encrypted partition
-using a native Linux kernel API.
-Header formatting and BITLK header changes are not supported, cryptsetup
-never changes BITLK header on-device.
-
-\fBWARNING:\fR This extension is EXPERIMENTAL.
-
-BITLK extension requires kernel userspace crypto API to be available
-(for details see TCRYPT section).
-
-Cryptsetup should recognize all BITLK header variants, except legacy
-header used in Windows Vista systems and partially decrypted BitLocker devices.
-Activation of legacy devices encrypted in CBC mode requires at least
-Linux kernel version 5.3 and for devices using Elephant diffuser kernel 5.6.
-
-The \fBbitlkDump\fR command should work for all recognized BITLK devices
-and doesn't require superuser privilege.
-
-For unlocking with the \fBopen\fR a password or a recovery passphrase must
-be provided. Other unlocking methods (TPM, SmartCard) are not supported.
-
-.PP
-\fIopen\fR \-\-type bitlk <device> <name>
-.br
-\fIbitlkOpen\fR <device> <name>  (\fBold syntax\fR)
-.IP
-Opens the BITLK (a BitLocker-compatible) <device> and sets up
-a mapping <name>.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-readonly, \-\-test\-passphrase,
-\-\-allow-discards].
-
-.PP
-\fIbitlkDump\fR <device>
-.IP
-Dump the header information of a BITLK device.
-
-Please note that cryptsetup does not use any Windows BitLocker code, please report
-all problems related to this compatibility extension to the cryptsetup project.
-.SH MISCELLANEOUS
-.PP
-\fIrepair\fR <device>
-.IP
-Tries to repair the device metadata if possible. Currently supported only
-for LUKS device type.
-
-This command is useful to fix some known benign LUKS metadata
-header corruptions. Only basic corruptions of unused keyslot
-are fixable. This command will only change the LUKS header, not
-any key-slot data. You may enforce LUKS version by adding \-\-type
-option.
-
-It also repairs (upgrades) LUKS2 reencryption metadata by adding
-metadata digest that protects it against malicious changes.
-
-If LUKS2 reencryption was interrupted in the middle of writting
-reencryption segment the repair command can be used to perform
-reencryption recovery so that reencryption can continue later.
-
-\fBWARNING:\fR Always create a binary backup of the original
-header before calling this command.
-.PP
-\fIbenchmark\fR <options>
-.IP
-Benchmarks ciphers and KDF (key derivation function).
-Without parameters, it tries to measure few common configurations.
-
-To benchmark other ciphers or modes, you need to specify \fB\-\-cipher\fR
-and \fB\-\-key\-size\fR options or \fB\-\-hash\fR for KDF test.
-
-\fBNOTE:\fR This benchmark is using memory only and is only informative.
-You cannot directly predict real storage encryption speed from it.
-
-For testing block ciphers, this benchmark requires kernel userspace
-crypto API to be available (introduced in Linux kernel 2.6.38).
-If you are configuring kernel yourself, enable
-"User-space interface for symmetric key cipher algorithms" in
-"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option).
-
-\fB<options>\fR can be [\-\-cipher, \-\-key\-size, \-\-hash].
-.SH OPTIONS
-.TP
-.B "\-\-verbose, \-v"
-Print more information on command execution.
-.TP
-.B "\-\-debug or \-\-debug\-json"
-Run in debug mode with full diagnostic logs. Debug output
-lines are always prefixed by '#'.
-If \-\-debug\-json is used, additional LUKS2 JSON data structures are printed.
-.TP
-.B "\-\-type <device-type>
-Specifies required device type, for more info read \fIBASIC ACTIONS\fR section.
-.TP
-.B "\-\-hash, \-h \fI<hash\-spec>\fR"
-Specifies the passphrase hash for \fIopen\fR (for plain and
-loopaes device types).
-
-Specifies the hash used in the LUKS key setup scheme and volume key digest
-for \fIluksFormat\fR. The specified hash is used as hash-parameter
-for PBKDF2 and for the AF splitter.
-
-The specified hash name is passed to the compiled-in crypto backend.
-Different backends may support different hashes.
-For \fIluksFormat\fR, the hash
-algorithm must provide at least 160 bits of output, which
-excludes, e.g., MD5. Do not use a non-crypto hash like
-\fB"crc32"\fR as this breaks security.
-
-Values compatible with old version of cryptsetup are
-\fB"ripemd160"\fR for \fIopen \-\-type plain\fR and
-\fB"sha1"\fR for \fIluksFormat\fR.
-
-Use \fIcryptsetup \-\-help\fR to show the defaults.
-.TP
-.B "\-\-cipher, \-c \fI<cipher\-spec>\fR"
-Set the cipher specification string.
-
-\fIcryptsetup \-\-help\fR shows the compiled-in defaults.
-The current default in the distributed sources is
-"aes-cbc-essiv:sha256" for plain dm-crypt and
-"aes-xts-plain64" for LUKS.
-
-If a hash is part of the cipher specification, then it is
-used as part of the IV generation. For example, ESSIV
-needs a hash function, while "plain64" does not and
-hence none is specified.
-
-For XTS mode you can optionally set a key size of
-512 bits with the \-s option. Key size for XTS
-mode is twice that for other modes for the same
-security level.
-
-XTS mode requires kernel 2.6.24 or later and plain64 requires
-kernel 2.6.33 or later. More information can be found in the FAQ.
-.TP
-.B "\-\-verify-passphrase, \-y"
-When interactively asking for a passphrase, ask for it twice
-and complain if both inputs do not match. Advised when creating
-a regular mapping for the first time, or when running
-\fIluksFormat\fR. Ignored on input from file or stdin.
-.TP
-.B "\-\-key-file, \-d \fIname\fR"
-Read the passphrase from file.
-
-If the name given is "-", then the passphrase will be read from stdin.
-In this case, reading will not stop at newline characters.
-
-With LUKS, passphrases supplied via \-\-key\-file are always
-the existing passphrases requested by a command, except in
-the case of \fIluksFormat\fR where \-\-key\-file is equivalent
-to the positional key file argument.
-
-If you want to set a new passphrase via key file, you have to
-use a positional argument to \fIluksAddKey\fR.
-
-See section \fBNOTES ON PASSPHRASE PROCESSING\fR for more information.
-.TP
-.B "\-\-keyfile\-offset \fIvalue\fR"
-Skip \fIvalue\fR bytes at the beginning of the key file.
-Works with all commands that accept key files.
-.TP
-.B "\-\-keyfile\-size, \-l \fIvalue\fR"
-Read a maximum of \fIvalue\fR bytes from the key file.
-The default is to read the whole file up to the compiled-in
-maximum that can be queried with \-\-help. Supplying more
-data than the compiled-in maximum aborts the operation.
-
-This option is useful
-to cut trailing newlines, for example. If \-\-keyfile\-offset
-is also given, the size count starts after the offset.
-Works with all commands that accept key files.
-.TP
-.B "\-\-new\-keyfile\-offset \fIvalue\fR"
-Skip \fIvalue\fR bytes at the start when
-adding a new passphrase from key file with
-\fIluksAddKey\fR.
-.TP
-.B "\-\-new\-keyfile\-size  \fIvalue\fR"
-Read a maximum of \fIvalue\fR bytes when adding
-a new passphrase from key file with \fIluksAddKey\fR.
-The default is to read the whole file up to the compiled-in
-maximum length that can be queried with \-\-help.
-Supplying more than the compiled in maximum aborts the
-operation.
-When \-\-new\-keyfile\-offset is also given, reading starts
-after the offset.
-.TP
-.B "\-\-master\-key\-file"
-Use a master key stored in a file.
-
-For \fIluksFormat\fR this
-allows creating a LUKS header with this specific
-master key. If the master key was taken from an existing
-LUKS header and all other parameters are the same,
-then the new header decrypts the data encrypted with the
-header the master key was taken from.
-
-Action \fIluksDump\fR together with \-\-dump\-master\-key
-option: The volume (master) key is stored in a file instead of
-being printed out to standard output.
-
-\fBWARNING:\fR If you create your own master key, you
-need to make sure to do it right. Otherwise, you can end
-up with a low-entropy or otherwise partially predictable
-master key which will compromise security.
-
-For \fIluksAddKey\fR this allows adding a new passphrase
-without having to know an existing one.
-
-For \fIopen\fR this allows one to open the LUKS device
-without giving a passphrase.
-.TP
-.B "\-\-dump\-master\-key"
-For \fIluksDump\fR this option includes the master key in the displayed
-information. Use with care, as the master key can be used to
-bypass the passphrases, see also option \-\-master\-key\-file.
-.TP
-.B "\-\-json\-file"
-Read token json from a file or write token to it. See \fItoken\fR action for more
-information. \-\-json\-file=- reads json from standard input or writes it to
-standard output respectively.
-.TP
-.B "\-\-use\-random"
-.TP
-.B "\-\-use\-urandom"
-For \fIluksFormat\fR these options define which kernel random number
-generator will be used to create the master key (which is a
-long-term key).
-
-See \fBNOTES ON RANDOM NUMBER GENERATORS\fR for more
-information. Use \fIcryptsetup \-\-help\fR
-to show the compiled-in default random number generator.
-
-\fBWARNING:\fR In a low-entropy situation (e.g. in an
-embedded system), both selections are problematic.
-Using /dev/urandom can lead to weak keys.
-Using /dev/random can block a long time, potentially
-forever, if not enough entropy can be harvested by
-the kernel.
-.TP
-.B "\-\-key\-slot, \-S <0\-7>"
-For LUKS operations that add key material, this options allows you
-to specify which key slot is selected for the new key.
-This option can be used for \fIluksFormat\fR,
-and \fIluksAddKey\fR.
-.br
-In addition, for \fIopen\fR, this option selects a
-specific key-slot to compare the passphrase against.
-If the given passphrase would only match a different key-slot,
-the operation fails.
-.TP
-.B "\-\-key\-size, \-s <bits>"
-Sets key size in bits. The argument has to be a multiple of
-8. The possible key-sizes are limited by the cipher and
-mode used.
-
-See /proc/crypto for more information. Note that key-size
-in /proc/crypto is stated in bytes.
-
-This option can be used for \fIopen \-\-type plain\fR or \fIluksFormat\fR.
-All other LUKS actions will use the key-size specified in the LUKS header.
-Use \fIcryptsetup \-\-help\fR to show the compiled-in defaults.
-.TP
-.B "\-\-size, \-b <number of 512 byte sectors>"
-Set the size of the device in sectors of 512 bytes.
-This option is only relevant for the \fIopen\fR and \fIresize\fR
-actions.
-.TP
-.B "\-\-offset, \-o <number of 512 byte sectors>"
-Start offset in the backend device in 512-byte sectors.
-This option is only relevant for the \fIopen\fR action with plain
-or loopaes device types or for LUKS devices in \fIluksFormat\fR.
-
-For LUKS, the \-\-offset option sets the data offset (payload) of data
-device and must be be aligned to 4096-byte sectors (must be multiple of 8).
-This option cannot be combined with \-\-align\-payload option.
-.TP
-.B "\-\-skip, \-p <number of 512 byte sectors>"
-Start offset used in IV calculation in 512-byte sectors
-(how many sectors of the encrypted data to skip at the beginning).
-This option is only relevant for the \fIopen\fR action with plain
-or loopaes device types.
-
-Hence, if \-\-offset \fIn\fR, and \-\-skip \fIs\fR, sector \fIn\fR
-(the first sector of the encrypted device) will get a sector number
-of \fIs\fR for the IV calculation.
-.TP
-.B "\-\-device\-size \fIsize[units]\fR"
-Instead of real device size, use specified value.
-
-With \fIreencrypt\fR action it means that only specified area
-(from the start of the device to the specified size) will be
-reencrypted.
-
-With \fIresize\fR action it sets new size of the device.
-
-If no unit suffix is specified, the size is in bytes.
-
-Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
-for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
-
-\fBWARNING:\fR This is destructive operation when used with reencrypt command.
-.TP
-.B "\-\-readonly, \-r"
-set up a read-only mapping.
-.TP
-.B "\-\-shared"
-Creates an additional mapping for one common
-ciphertext device. Arbitrary mappings are supported.
-This option is only relevant for the
-\fIopen \-\-type plain\fR action. Use \-\-offset, \-\-size and \-\-skip to
-specify the mapped area.
-.TP
-.B "\-\-pbkdf <PBKDF spec>"
-Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot.
-The PBKDF can be: \fIpbkdf2\fR (for PBKDF2 according to RFC2898),
-\fIargon2i\fR for Argon2i or \fIargon2id\fR for Argon2id
-(see https://www.cryptolux.org/index.php/Argon2 for more info).
-
-For LUKS1, only PBKDF2 is accepted (no need to use this option).
-The default PBKDF2 for LUKS2 is set during compilation time
-and is available in \fIcryptsetup \-\-help\fR output.
-
-A PBKDF is used for increasing dictionary and brute-force attack cost
-for keyslot passwords. The parameters can be time, memory and parallel cost.
-
-For PBKDF2, only time cost (number of iterations) applies.
-For Argon2i/id, there is also memory cost (memory required during
-the process of key derivation) and parallel cost (number of threads
-that run in parallel during the key derivation.
-
-Note that increasing memory cost also increases time, so the final
-parameter values are measured by a benchmark. The benchmark
-tries to find iteration time (\fI\-\-iter\-time\fR) with required
-memory cost \fI\-\-pbkdf\-memory\fR. If it is not possible,
-the memory cost is decreased as well.
-The parallel cost \fI\-\-pbkdf\-parallel\fR is constant, is is checked
-against available CPU cores (if not available, it is decreased) and the maximum
-parallel cost is 4.
-
-You can see all PBKDF parameters for particular LUKS2 keyslot with
-\fIluksDump\fR command.
-
-\fBNOTE:\fR If you do not want to use benchmark and want to specify
-all parameters directly, use \fI\-\-pbkdf\-force\-iterations\fR with
-\fI\-\-pbkdf\-memory\fR and \fI\-\-pbkdf\-parallel\fR.
-This will override the values without benchmarking.
-Note it can cause extremely long unlocking time. Use only in specific
-cases, for example, if you know that the formatted device will
-be used on some small embedded system.
-In this case, the LUKS PBKDF2 digest will be set to the minimum iteration count.
-.TP
-.B "\-\-iter\-time, \-i <number of milliseconds>"
-The number of milliseconds to spend with PBKDF passphrase processing.
-This option is only relevant for LUKS operations that set or change
-passphrases, such as \fIluksFormat\fR or \fIluksAddKey\fR.
-Specifying 0 as parameter selects the compiled-in default.
-.TP
-.B "\-\-pbkdf\-memory <number>"
-Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes).
-Note that it is maximal value, PBKDF benchmark or available physical memory
-can decrease it.
-This option is not available for PBKDF2.
-.TP
-.B "\-\-pbkdf\-parallel <number>"
-Set the parallel cost for PBKDF (number of threads, up to 4).
-Note that it is maximal value, it is decreased automatically if
-CPU online count is lower.
-This option is not available for PBKDF2.
-.TP
-.B "\-\-pbkdf\-force\-iterations <num>"
-Avoid PBKDF benchmark and set time cost (iterations) directly.
-It can be used for LUKS/LUKS2 device only.
-See \fI\-\-pbkdf\fR option for more info.
-.TP
-.B "\-\-batch\-mode, \-q"
-Suppresses all confirmation questions. Use with care!
-
-If the \-y option is not specified, this option also switches off
-the passphrase verification for \fIluksFormat\fR.
-.TP
-.B "\-\-progress-frequency <seconds>"
-Print separate line every <seconds> with wipe progress.
-.TP
-.B "\-\-timeout, \-t <number of seconds>"
-The number of seconds to wait before timeout on passphrase input
-via terminal. It is relevant every time a passphrase is asked,
-for example for \fIopen\fR, \fIluksFormat\fR or \fIluksAddKey\fR.
-It has no effect if used in conjunction with \-\-key-file.
-.br
-This option is useful when the system
-should not stall if the user does not input a passphrase,
-e.g. during boot. The default is a value of 0 seconds,
-which means to wait forever.
-.TP
-.B "\-\-tries, \-T"
-How often the input of the passphrase shall be retried.
-This option is relevant
-every time a passphrase is asked, for example for
-\fIopen\fR, \fIluksFormat\fR or \fIluksAddKey\fR.
-The default is 3 tries.
-.TP
-.B "\-\-align\-payload <number of 512 byte sectors>"
-Align payload at a boundary of \fIvalue\fR 512-byte sectors.
-This option is relevant for \fIluksFormat\fR.
-
-If not specified, cryptsetup tries to use the topology info
-provided by the kernel for the underlying device to get the optimal alignment.
-If not available (or the calculated value is a multiple of the default)
-data is by default aligned to a 1MiB boundary (i.e. 2048 512-byte sectors).
-
-For a detached LUKS header, this option specifies the offset on the
-data device. See also the \-\-header option.
-
-\fBWARNING:\fR This option is DEPRECATED and has often unexpected impact
-to the data offset and keyslot area size (for LUKS2) due to the complex rounding.
-For fixed data device offset use \fI\-\-offset\fR option instead.
-
-.TP
-.B "\-\-uuid=\fIUUID\fR"
-Use the provided \fIUUID\fR for the \fIluksFormat\fR command
-instead of generating a new one. Changes the existing UUID when
-used with the \fIluksUUID\fR command.
-
-The UUID must be provided in the standard UUID format,
-e.g. 12345678-1234-1234-1234-123456789abc.
-.TP
-.B "\-\-allow\-discards\fR"
-Allow the use of discard (TRIM) requests for the device.
-This option is only relevant for \fIopen\fR action.
-This is also not supported for LUKS2 devices with data integrity protection.
-
-\fBWARNING:\fR This command can have a negative security impact
-because it can make filesystem-level operations visible on
-the physical device. For example, information leaking
-filesystem type, used space, etc. may be extractable from
-the physical device if the discarded blocks can be located
-later. If in doubt, do not use it.
-
-A kernel version of 3.1 or later is needed. For earlier kernels,
-this option is ignored.
-.TP
-.B "\-\-perf\-same_cpu_crypt\fR"
-Perform encryption using the same cpu that IO was submitted on.
-The default is to use an unbound workqueue so that encryption work
-is automatically balanced between available CPUs.
-This option is only relevant for \fIopen\fR action.
-
-\fBNOTE:\fR This option is available only for low-level dm-crypt
-performance tuning, use only if you need a change to default dm-crypt
-behaviour. Needs kernel 4.0 or later.
-.TP
-.B "\-\-perf\-submit_from_crypt_cpus\fR"
-Disable offloading writes to a separate thread after encryption.
-There are some situations where offloading write bios from the
-encryption threads to a single thread degrades performance
-significantly.  The default is to offload write bios to the same
-thread.
-This option is only relevant for \fIopen\fR action.
-
-\fBNOTE:\fR This option is available only for low-level dm-crypt
-performance tuning, use only if you need a change to default dm-crypt
-behaviour. Needs kernel 4.0 or later.
-.TP
-.B "\-\-perf\-no_read_workqueue, \-\-perf\-no_write_workqueue\fR"
-Bypass dm-crypt internal workqueue and process read or write requests
-synchronously.
-This option is only relevant for \fIopen\fR action.
-
-\fBNOTE:\fR These options are available only for low-level dm-crypt
-performance tuning, use only if you need a change to default dm-crypt
-behaviour. Needs kernel 5.9 or later.
-.TP
-.B "\-\-test\-passphrase\fR"
-Do not activate the device, just verify passphrase.
-This option is only relevant for \fIopen\fR action (the device
-mapping name is not mandatory if this option is used).
-.TP
-.B "\-\-header\fR <device or file storing the LUKS header>"
-Use a detached (separated) metadata device or file where the
-LUKS header is stored. This option allows one to store ciphertext
-and LUKS header on different devices.
-
-This option is only relevant for LUKS devices and can be
-used with the \fIluksFormat\fR, \fIopen\fR, \fIluksSuspend\fR,
-\fIluksResume\fR, \fIstatus\fR and \fIresize\fR commands.
-
-For \fIluksFormat\fR with a file name as the argument to \-\-header,
-the file will be automatically created if it does not exist.
-See the cryptsetup FAQ for header size calculation.
-
-For other commands that change the LUKS header (e.g. \fIluksAddKey\fR),
-specify the device or file with the LUKS header directly as the
-LUKS device.
-
-If used with \fIluksFormat\fR, the \-\-align\-payload option is taken
-as absolute sector alignment on ciphertext device and can be zero.
-
-\fBWARNING:\fR There is no check whether the ciphertext device specified
-actually belongs to the header given. In fact, you can specify an
-arbitrary device as the ciphertext device for \fIopen\fR
-with the \-\-header option. Use with care.
-.TP
-.B "\-\-header\-backup\-file <file>"
-Specify file with header backup for \fIluksHeaderBackup\fR or
-\fIluksHeaderRestore\fR actions.
-.TP
-.B "\-\-force\-password"
-Do not use password quality checking for new LUKS passwords.
-
-This option applies only to \fIluksFormat\fR, \fIluksAddKey\fR and
-\fIluksChangeKey\fR and is ignored if cryptsetup is built without
-password quality checking support.
-
-For more info about password quality check, see the manual page
-for \fBpwquality.conf(5)\fR and \fBpasswdqc.conf(5)\fR.
-.TP
-.B "\-\-deferred"
-Defers device removal in \fIclose\fR command until the last user closes it.
-.TP
-.B "\-\-disable\-locks"
-Disable lock protection for metadata on disk.
-This option is valid only for LUKS2 and ignored for other formats.
-
-\fBWARNING:\fR Do not use this option unless you run cryptsetup in
-a restricted environment where locking is impossible to perform
-(where /run directory cannot be used).
-.TP
-.B "\-\-disable\-keyring"
-Do not load volume key in kernel keyring and store it directly
-in the dm-crypt target instead.
-This option is supported only for the LUKS2 format.
-.TP
-.B "\-\-key\-description <text>"
-Set key description in keyring for use with \fItoken\fR command.
-.TP
-.B "\-\-priority <normal|prefer|ignore>"
-Set a priority for LUKS2 keyslot.
-The \fIprefer\fR priority marked slots are tried before \fInormal\fR priority.
-The \fIignored\fR priority means, that slot is never used, if not explicitly
-requested by \fI\-\-key\-slot\fR option.
-.TP
-.B "\-\-token\-id"
-Specify what token to use in actions \fItoken\fR, \fIopen\fR or \fIresize\fR.
-If omitted, all available tokens will be checked before proceeding further with
-passphrase prompt.
-.TP
-.B "\-\-token\-only"
-Do not proceed further with action (any of \fItoken\fR, \fIopen\fR or
-\fIresize\fR) if token activation failed. Without the option,
-action asks for passphrase to proceed further.
-.TP
-.B "\-\-sector\-size <bytes>"
-Set sector size for use with disk encryption. It must be power of two
-and in range 512 - 4096 bytes. The default is 512 bytes sectors.
-This option is available only in the LUKS2 mode.
-
-Note that if sector size is higher than underlying device hardware sector
-and there is not integrity protection that uses data journal, using
-this option can increase risk on incomplete sector writes during a power fail.
-
-If used together with \fI\-\-integrity\fR option and dm-integrity journal,
-the atomicity of writes is guaranteed in all cases (but it cost write
-performance - data has to be written twice).
-
-Increasing sector size from 512 bytes to 4096 bytes can provide better
-performance on most of the modern storage devices and also with some
-hw encryption accelerators.
-.TP
-.B "\-\-iv-large-sectors"
-Count Initialization Vector (IV) in larger sector size (if set) instead
-of 512 bytes sectors. This option can be used only for \fIopen\fR command
-and \fIplain\fR encryption type.
-
-\fBNOTE:\fR This option does not have any performance or security impact,
-use it only for accessing incompatible existing disk images from other systems
-that require this option.
-.TP
-.B "\-\-persistent"
-If used with LUKS2 devices and activation commands like \fIopen\fR or \fIrefresh\fR,
-the specified activation flags are persistently written into metadata
-and used next time automatically even for normal activation.
-(No need to use cryptab or other system configuration files.)
-
-If you need to remove a persistent flag, use \fI\-\-persistent\fR without
-the flag you want to remove (e.g. to disable persistently stored discard flag,
-use \fI\-\-persistent\fR without \fI\-\-allow-discards\fR).
-
-Only \fI\-\-allow-discards\fR, \fI\-\-perf\-same_cpu_crypt\fR,
-\fI\-\-perf\-submit_from_crypt_cpus\fR, \fI\-\-perf\-no_read_workqueue\fR,
-\fI\-\-perf\-no_write_workqueue\fR and \fI\-\-integrity\-no\-journal\fR
-can be stored persistently.
-.TP
-.B "\-\-refresh"
-Refreshes an active device with new set of parameters. See action \fIrefresh\fR description
-for more details.
-.TP
-.B "\-\-label <LABEL>"
-.B "\-\-subsystem <SUBSYSTEM>"
-Set label and subsystem description for LUKS2 device, can be used
-in \fIconfig\fR and \fIformat\fR actions.
-The label and subsystem are optional fields and can be later used in udev scripts
-for triggering user actions once device marked by these labels is detected.
-.TP
-.B "\-\-integrity <integrity algorithm>"
-Specify integrity algorithm to be used for authenticated disk encryption in LUKS2.
-
-\fBWARNING: This extension is EXPERIMENTAL\fR and requires dm-integrity
-kernel target (available since kernel version 4.12).
-For native AEAD modes, also enable "User-space interface for AEAD cipher algorithms"
-in "Cryptographic API" section (CONFIG_CRYPTO_USER_API_AEAD .config option).
-
-For more info, see \fIAUTHENTICATED DISK ENCRYPTION\fR section.
-.TP
-.B "\-\-luks2\-metadata\-size <size>"
-This option can be used to enlarge the LUKS2 metadata (JSON) area.
-The size includes 4096 bytes for binary metadata (usable JSON area is smaller
-of the binary area).
-According to LUKS2 specification, only these values are valid:
-16, 32, 64, 128, 256, 512, 1024, 2048 and 4096 kB
-The <size> can be specified with unit suffix (for example 128k).
-.TP
-.B "\-\-luks2\-keyslots\-size <size>"
-This option can be used to set specific size of the LUKS2 binary keyslot area
-(key material is encrypted there). The value must be aligned to multiple
-of 4096 bytes with maximum size 128MB.
-The <size> can be specified with unit suffix (for example 128k).
-.TP
-.B "\-\-keyslot\-cipher <cipher\-spec>"
-This option can be used to set specific cipher encryption for the LUKS2 keyslot area.
-.TP
-.B "\-\-keyslot\-key\-size <bits>"
-This option can be used to set specific key size for the LUKS2 keyslot area.
-.TP
-.B "\-\-integrity\-no\-journal"
-Activate device with integrity protection without using data journal (direct
-write of data and integrity tags).
-Note that without journal power fail can cause non-atomic write and data corruption.
-Use only if journalling is performed on a different storage layer.
-.TP
-.B "\-\-integrity\-no\-wipe"
-Skip wiping of device authentication (integrity) tags. If you skip this
-step, sectors will report invalid integrity tag until an application write
-to the sector.
-
-\fBNOTE:\fR Even some writes to the device can fail if the write is not
-aligned to page size and page-cache initiates read of a sector with invalid
-integrity tag.
-.TP
-.B "\-\-unbound"
-
-Creates new or dumps existing LUKS2 unbound keyslot. See \fIluksAddKey\fR or
-\fIluksDump\fR actions for more details.
-
-.TP
-.B "\-\-tcrypt\-hidden"
-.B "\-\-tcrypt\-system"
-.B "\-\-tcrypt\-backup"
-Specify which TrueCrypt on-disk header will be used to open the device.
-See \fITCRYPT\fR section for more info.
-.TP
-.B "\-\-veracrypt"
-Allow VeraCrypt compatible mode. Only for TCRYPT extension.
-See \fITCRYPT\fR section for more info.
-.TP
-.B "\-\-veracrypt\-pim"
-.B "\-\-veracrypt\-query\-pim"
-Use a custom Personal Iteration Multiplier (PIM) for VeraCrypt device.
-See \fITCRYPT\fR section for more info.
-.TP
-.B "\-\-serialize\-memory\-hard\-pbkdf"
-Use a global lock to serialize unlocking of keyslots using memory-hard PBKDF.
-
-\fBNOTE:\fR This is (ugly) workaround for a specific situation when multiple
-devices are activated in parallel and system instead of reporting out of memory
-starts unconditionally stop processes using out-of-memory killer.
-
-\fBDO NOT USE\fR this switch until you are implementing boot environment
-with parallel devices activation!
-.TP
-.B "\-\-encrypt"
-Initialize (and run) device encryption (\fIreencrypt\fR action parameter)
-.TP
-.B "\-\-decrypt"
-Initialize (and run) device decryption (\fIreencrypt\fR action parameter)
-.TP
-.B "\-\-init\-only"
-Initialize reencryption (any variant) operation in LUKS2 metadata only and exit. If any
-reencrypt operation is already initialized in metadata, the command with \-\-init\-only
-parameter fails.
-.TP
-.B "\-\-resume\-only"
-Resume reencryption (any variant) operation already described in LUKS2 metadata. If no
-reencrypt operation is initialized, the command with \-\-resume\-only
-parameter fails. Useful for resuming reencrypt operation without accidentally triggering
-new reencryption operation.
-.TP
-.B "\-\-resilience <mode>"
-Reencryption resilience mode can be one of \fIchecksum\fR, \fIjournal\fR or \fInone\fR.
-
-\fIchecksum\fR: default mode, where individual checksums of ciphertext hotzone sectors are stored,
-so the recovery process can detect which sectors where already reencrypted.
-It requires that the device sector write is atomic.
-
-\fIjournal\fR: the hotzone is journaled in the binary area (so the data are written twice).
-
-\fInone\fR: performance mode. There is no protection and the only way it's safe to interrupt
-the reencryption is similar to old offline reencryption utility. (ctrl+c).
-
-The option is ignored if reencryption with datashift mode is in progress.
-.TP
-.B "\-\-resilience-hash <hash>"
-The hash algorithm used with "\-\-resilience checksum" only.
-The default hash is sha256. With other resilience modes, the hash parameter is ignored.
-.TP
-.B "\-\-hotzone-size <size>"
-This option can be used to set an upper limit on the size of reencryption area (hotzone).
-The <size> can be specified with unit suffix (for example 50M). Note that actual hotzone
-size may be less than specified <size> due to other limitations (free space in keyslots area or
-available memory).
-.TP
-.B "\-\-reduce\-device\-size <size>"
-Initialize LUKS2 reencryption with data device size reduction
-(currently only \-\-encrypt variant is supported).
-
-Last <size> sectors of <device> will be used to properly initialize device reencryption.
-That means any data at last <size> sectors will be lost.
-
-It could be useful if you added some space to underlying partition or logical volume
-(so last <size> sectors contains no data).
-
-Recommended minimal size is twice the default LUKS2 header size (\-\-reduce\-device\-size 32M)
-for \-\-encrypt use case. Be sure to have enough (at least \-\-reduce\-device\-size value
-	of free space at the end of <device>).
-
-WARNING: This is a destructive operation and cannot be reverted.
-Use with extreme care - accidentally overwritten filesystems are usually unrecoverable.
-.TP
-.B "\-\-version"
-Show the program version.
-.TP
-.B "\-\-usage"
-Show short option help.
-.TP
-.B "\-\-help, \-?"
-Show help text and default parameters.
-.SH EXAMPLE
-.TP
-Example 1: Create LUKS 2 container on block device /dev/sdX.
-sudo cryptsetup --type luks2 luksFormat /dev/sdX
-.TP
-Example 2: Add an additional passphrase to key slot 5.
-sudo cryptsetup luksAddKey --key-slot 5 /dev/sdX
-.TP
-Example 3: Create LUKS header backup and save it to file.
-sudo cryptsetup luksHeaderBackup /dev/sdX --header-backup-file /var/tmp/NameOfBackupFile
-.TP
-Example 4: Open LUKS contaner on /dev/sdX and map it to sdX_crypt.
-sudo cryptsetup open /dev/sdX sdX_crypt
-.TP
-.B WARNING: The command in example 5 will erase all key slots.
-Your cannot use your luks container afterwards anymore unless you have a backup to restore.
-.TP
-Example 5: Erase all key slots on /dev/sdX.
-sudo cryptsetup erase /dev/sdX
-.TP
-Example 6: Restore LUKS header from backup file.
-sudo cryptsetup luksHeaderRestore /dev/sdX --header-backup-file /var/tmp/NameOfBackupFile
-.SH RETURN CODES
-Cryptsetup returns 0 on success and a non-zero value on error.
-
-Error codes are: 1 wrong parameters, 2 no permission (bad passphrase),
-3 out of memory, 4 wrong device specified, 5 device already exists
-or device is busy.
-.SH NOTES ON PASSPHRASE PROCESSING FOR PLAIN MODE
-Note that no iterated hashing or salting is done in plain mode.
-If hashing is done, it is a single direct hash. This means that
-low-entropy passphrases are easy to attack in plain mode.
-
-\fBFrom a terminal\fR: The passphrase is read until the
-first newline, i.e. '\\n'.
-The input without the newline character is processed with
-the default hash or the hash specified with \-\-hash.
-The hash result will be truncated to the key size
-of the used cipher, or the size specified with \-s.
-
-\fBFrom stdin\fR: Reading will continue until a newline (or until
-the maximum input size is reached), with the trailing newline
-stripped. The maximum input size is defined by the same
-compiled-in default as for the maximum key file size and can
-be overwritten using \-\-keyfile-size option.
-
-The data read will be hashed with the default hash
-or the hash specified with \-\-hash.
-The hash result will be truncated to the key size
-of the used cipher, or the size specified with \-s.
-
-Note that if \-\-key-file=- is used for reading the key
-from stdin, trailing newlines are not stripped from the input.
-
-If "plain" is used as argument to \-\-hash, the input
-data will not be hashed. Instead, it will be zero padded (if
-shorter than the key size) or truncated (if longer than the
-key size) and used directly as the binary key. This is useful for
-directly specifying a binary key.
-No warning will be given if the amount of data read from stdin is
-less than the key size.
-
-\fBFrom a key file\fR: It will be truncated to the
-key size of the used cipher or the size given by \-s
-and directly used as a binary key.
-
-\fBWARNING\fR: The \-\-hash argument is being ignored.
-The \-\-hash option is usable only for stdin input in plain mode.
-
-If the key file is shorter than the key, cryptsetup
-will quit with an error.
-The maximum input size is defined by the same
-compiled-in default as for the maximum key file size and can
-be overwritten using \-\-keyfile-size option.
-
-
-.SH NOTES ON PASSPHRASE PROCESSING FOR LUKS
-LUKS uses PBKDF2 to protect against dictionary attacks
-and to give some protection to low-entropy passphrases
-(see RFC 2898 and the cryptsetup FAQ).
-
-\fBFrom a terminal\fR: The passphrase is read until the
-first newline and then processed by PBKDF2 without
-the newline character.
-
-\fBFrom stdin\fR:
-LUKS will read passphrases from stdin up to the
-first newline character or the compiled-in
-maximum key file length. If \-\-keyfile\-size is
-given, it is ignored.
-
-\fBFrom key file\fR:
-The complete keyfile is read up to the compiled-in
-maximum size. Newline characters do not terminate the
-input. The \-\-keyfile\-size option can be used to limit
-what is read.
-
-\fBPassphrase processing\fR:
-Whenever a passphrase is added to a LUKS header (luksAddKey, luksFormat),
-the user may specify how much the time the passphrase processing
-should consume. The time is used to determine the iteration count
-for PBKDF2 and higher times will offer better protection for
-low-entropy passphrases, but open will take longer to
-complete. For passphrases that have entropy higher than the
-used key length, higher iteration times will not increase security.
-
-The default setting of one or two seconds is sufficient for most
-practical cases. The only exception is a low-entropy
-passphrase used on a device with a slow CPU, as this will
-result in a low iteration count. On a slow device, it may
-be advisable to increase the iteration time using the
-\-\-iter\-time option in order to obtain a higher
-iteration count. This does slow down all later luksOpen
-operations accordingly.
-.SH INCOHERENT BEHAVIOR FOR INVALID PASSPHRASES/KEYS
-LUKS checks for a valid passphrase when an encrypted partition
-is unlocked. The behavior of plain dm-crypt is different.
-It will always decrypt with the passphrase given. If the
-given passphrase is wrong, the device mapped by plain
-dm-crypt will essentially still contain encrypted data and
-will be unreadable.
-.SH NOTES ON SUPPORTED CIPHERS, MODES, HASHES AND KEY SIZES
-The available combinations of ciphers, modes, hashes and key sizes
-depend on kernel support. See /proc/crypto for a list of available
-options. You might need to load additional kernel crypto modules
-in order to get more options.
-
-For the \-\-hash option, if the crypto backend is libgcrypt,
-then all algorithms supported by the gcrypt library are available.
-For other crypto backends, some algorithms may be missing.
-.SH NOTES ON PASSPHRASES
-Mathematics can't be bribed. Make sure you keep your passphrases safe.
-There are a few nice tricks for constructing a fallback, when suddenly
-out of the blue, your brain refuses to cooperate.
-These fallbacks need LUKS, as it's only possible with LUKS
-to have multiple passphrases. Still, if your attacker model does
-not prevent it, storing your passphrase in a sealed envelope somewhere
-may be a good idea as well.
-.SH NOTES ON RANDOM NUMBER GENERATORS
-Random Number Generators (RNG) used in cryptsetup are always the
-kernel RNGs without any modifications or additions to data stream
-produced.
-
-There are two types of randomness cryptsetup/LUKS needs. One type
-(which always uses /dev/urandom) is used for salts, the AF splitter
-and for wiping deleted keyslots.
-
-The second type is used for the volume (master) key. You can switch
-between using /dev/random and /dev/urandom  here, see
-\fP\-\-use\-random\fR and \fP\-\-use\-urandom\fR
-options. Using /dev/random on a system without enough entropy sources
-can cause \fPluksFormat\fR to block until the requested amount of
-random data is gathered. In a low-entropy situation (embedded system),
-this can take a very long time and potentially forever. At the same
-time, using /dev/urandom in a low-entropy situation will
-produce low-quality keys. This is a serious problem, but solving
-it is out of scope for a mere man-page.
-See \fPurandom(4)\fR for more information.
-.SH AUTHENTICATED DISK ENCRYPTION (EXPERIMENTAL)
-Since Linux kernel version 4.12 dm-crypt supports authenticated
-disk encryption.
-
-Normal disk encryption modes are length-preserving (plaintext sector
-is of the same size as a ciphertext sector) and can provide only
-confidentiality protection, but not cryptographically sound
-data integrity protection.
-
-Authenticated modes require additional space per-sector for
-authentication tag and use Authenticated Encryption with Additional
-Data (AEAD) algorithms.
-
-If you configure LUKS2 device with data integrity protection,
-there will be an underlying dm-integrity device, which provides
-additional per-sector metadata space and also provide data
-journal protection to ensure atomicity of data and metadata update.
-Because there must be additional space for metadata and journal,
-the available space for the device will be smaller than for
-length-preserving modes.
-
-The dm-crypt device then resides on top of such a dm-integrity device.
-All activation and deactivation of this device stack is performed
-by cryptsetup, there is no difference in using \fIluksOpen\fR
-for integrity protected devices.
-If you want to format LUKS2 device with data integrity protection,
-use \fI\-\-integrity\fR option.
-
-Since dm-integrity doesn't support discards (TRIM), dm-crypt device on top of it
-inherits this, so integrity protection mode doesn't support discards either.
-
-Some integrity modes requires two independent keys (key for encryption
-and for authentication). Both these keys are stored in one LUKS keyslot.
-
-\fBWARNING:\fR All support for authenticated modes is experimental
-and there are only some modes available for now. Note that there
-are a very few authenticated encryption algorithms that are suitable
-for disk encryption. You also cannot use CRC32 or any other non-cryptographic
-checksums (other than the special integrity mode "none"). If for some reason
-you want to have integrity control without using authentication mode, then you
-should separately configure dm-integrity independently of LUKS2.
-
-.SH NOTES ON LOOPBACK DEVICE USE
-Cryptsetup is usually used directly on a block device (disk
-partition or LVM volume). However, if the device argument is a
-file, cryptsetup tries to allocate a loopback device
-and map it into this file. This mode requires Linux kernel 2.6.25
-or more recent which supports the loop autoclear flag (loop device is
-cleared on the last close automatically). Of course, you can
-always map a file to a loop-device manually. See the
-cryptsetup FAQ for an example.
-
-When device mapping is active, you can see the loop backing file in
-the status command output. Also see losetup(8).
-.SH LUKS2 header locking
-.PP
-The LUKS2 on-disk metadata is updated in several steps and
-to achieve proper atomic update, there is a locking mechanism.
-For an image in file, code uses \fIflock(2)\fR system call.
-For a block device, lock is performed over a special file stored
-in a locking directory (by default \fI/run/lock/cryptsetup\fR).
-The locking directory should be created with the proper security
-context by the distribution during the boot-up phase.
-Only LUKS2 uses locks, other formats do not use this mechanism.
-.SH DEPRECATED ACTIONS
-.PP
-The \fIreload\fR action is no longer supported.
-Please use \fIdmsetup(8)\fR if you need to
-directly manipulate with the device mapping table.
-.PP
-The \fIluksDelKey\fR was replaced with \fIluksKillSlot\fR.
-.PP
-.SH REPORTING BUGS
-Report bugs, including ones in the documentation, on
-the cryptsetup mailing list at <dm-crypt@saout.de>
-or in the 'Issues' section on LUKS website.
-Please attach the output of the failed command with the
-\-\-debug option added.
-.SH AUTHORS
-cryptsetup originally written by Jana Saout <jana@saout.de>
-.br
-The LUKS extensions and original man page were written by
-Clemens Fruhwirth <clemens@endorphin.org>.
-.br
-Man page extensions by Milan Broz <gmazyland@gmail.com>.
-.br
-Man page rewrite and extension by Arno Wagner <arno@wagner.name>.
-.SH COPYRIGHT
-Copyright \(co 2004 Jana Saout
-.br
-Copyright \(co 2004-2006 Clemens Fruhwirth
-.br
-Copyright \(co 2012-2014 Arno Wagner
-.br
-Copyright \(co 2009-2021 Red Hat, Inc.
-.br
-Copyright \(co 2009-2021 Milan Broz
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-.SH SEE ALSO
-The LUKS website at \fBhttps://gitlab.com/cryptsetup/cryptsetup/\fR
-
-The cryptsetup FAQ, contained in the distribution package and
-online at
-\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions\fR
-
-The cryptsetup mailing list and list archive, see FAQ entry 1.6.
-
-The LUKS version 1 on-disk format specification available at
-\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/Specification\fR and
-LUKS version 2 at \fBhttps://gitlab.com/cryptsetup/LUKS2-docs\fR.
diff --git a/man/cryptsetup.8.adoc b/man/cryptsetup.8.adoc
new file mode 100644
index 0000000..ddd3a12
--- /dev/null
+++ b/man/cryptsetup.8.adoc
@@ -0,0 +1,729 @@
+= cryptsetup(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== Name
+
+cryptsetup - manage plain dm-crypt, LUKS, and other encrypted volumes
+
+== SYNOPSIS
+
+*cryptsetup <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+cryptsetup is used to conveniently setup dm-crypt managed device-mapper
+mappings. These include plain dm-crypt volumes and LUKS volumes. The
+difference is that LUKS uses a metadata header and can hence offer more
+features than plain dm-crypt. On the other hand, the header is visible
+and vulnerable to damage.
+
+In addition, cryptsetup provides limited support for the use of loop-AES
+volumes, TrueCrypt, VeraCrypt, BitLocker and FileVault2 compatible volumes.
+
+For more information about specific cryptsetup action see
+*cryptsetup-<action>*(8), where *<action>* is the name of the
+cryptsetup action.
+
+== BASIC ACTIONS
+
+The following are valid actions for all supported device types.
+
+=== OPEN
+*open <device> <name> --type <device_type>*
+
+Opens (creates a mapping with) <name> backed by device <device>. +
+See *cryptsetup-open*(8).
+
+=== CLOSE
+*close <name>*
+
+Removes the existing mapping <name> and wipes the key from kernel memory. +
+See *cryptsetup-close*(8).
+
+=== STATUS
+*status <name>*
+
+Reports the status for the mapping <name>. +
+See *cryptsetup-status*(8).
+
+=== RESIZE
+*resize <name>*
+
+Resizes an active mapping <name>. +
+See *cryptsetup-resize*(8).
+
+=== REFRESH
+*refresh <name>*
+
+Refreshes parameters of active mapping <name>. +
+See *cryptsetup-refresh*(8).
+
+=== REENCRYPT
+*reencrypt <device> or --active-name <name> [<new_name>]*
+
+Run LUKS device reencryption. +
+See *cryptsetup-reencrypt*(8).
+
+== PLAIN MODE
+
+Plain dm-crypt encrypts the device sector-by-sector with a single,
+non-salted hash of the passphrase. No checks are performed, no metadata
+is used. There is no formatting operation. When the raw device is mapped
+(opened), the usual device operations can be used on the mapped device,
+including filesystem creation. Mapped devices usually reside in
+/dev/mapper/<name>.
+
+The following are valid plain device type actions:
+
+=== OPEN
+*open --type plain <device> <name>* +
+create <name> <device> (*OBSOLETE syntax*)
+
+Opens (creates a mapping with) <name> backed by device <device>. +
+See *cryptsetup-open*(8).
+
+== LUKS EXTENSION
+
+LUKS, the Linux Unified Key Setup, is a standard for disk encryption. It
+adds a standardized header at the start of the device, a key-slot area
+directly behind the header and the bulk data area behind that. The whole
+set is called a 'LUKS container'. The device that a LUKS container
+resides on is called a 'LUKS device'. For most purposes, both terms can
+be used interchangeably. But note that when the LUKS header is at a
+nonzero offset in a device, then the device is not a LUKS device
+anymore, but has a LUKS container stored in it at an offset.
+
+LUKS can manage multiple passphrases that can be individually revoked or
+changed and that can be securely scrubbed from persistent media due to
+the use of anti-forensic stripes. Passphrases are protected against
+brute-force and dictionary attacks by Password-Based Key Derivation
+Function (PBKDF).
+
+LUKS2 is a new version of header format that allows additional
+extensions like different PBKDF algorithm or authenticated encryption.
+You can format device with LUKS2 header if you specify *--type luks2* in
+*luksFormat* command. For activation, the format is already recognized
+automatically.
+
+Each passphrase, also called a *key* in this document, is associated
+with one of 8 key-slots. Key operations that do not specify a slot
+affect the first slot that matches the supplied passphrase or the first
+empty slot if a new passphrase is added.
+
+The *<device>* parameter can also be specified by a LUKS UUID in the
+format UUID=<uuid>. Translation to real device name uses symlinks in
+/dev/disk/by-uuid directory.
+
+To specify a detached header, the *--header* parameter can be used in
+all LUKS commands and always takes precedence over the positional
+*<device>* parameter.
+
+The following are valid LUKS actions:
+
+=== FORMAT
+*luksFormat <device> [<key file>]*
+
+Initializes a LUKS partition and sets the initial passphrase (for key-slot 0). +
+See *cryptsetup-luksFormat*(8).
+
+=== OPEN
+*open --type luks <device> <name>* +
+luksOpen <device> <name> (*old syntax*)
+
+Opens the LUKS device <device> and sets up a mapping <name> after
+successful verification of the supplied passphrase. +
+See *cryptsetup-open*(8).
+
+=== SUSPEND
+*luksSuspend <name>*
+
+Suspends an active device (all IO operations will block and accesses to
+the device will wait indefinitely) and wipes the encryption key from
+kernel memory. +
+See *cryptsetup-luksSuspend*(8).
+
+=== RESUME
+*luksResume <name>*
+
+Resumes a suspended device and reinstates the encryption key. +
+See *cryptsetup-luksResume*(8).
+
+=== ADD KEY
+*luksAddKey <device> [<key file with new key>]*
+
+Adds a new passphrase using an existing passphrase. +
+See *cryptsetup-luksAddKey*(8).
+
+=== REMOVE KEY
+*luksRemoveKey <device> [<key file with passphrase to be removed>]*
+
+Removes the supplied passphrase from the LUKS device. +
+See *cryptsetup-luksRemoveKey*(8).
+
+=== CHANGE KEY
+*luksChangeKey <device> [<new key file>]*
+
+Changes an existing passphrase. +
+See *cryptsetup-luksChangeKey*(8).
+
+=== CONVERT KEY
+*luksConvertKey <device>*
+
+Converts an existing LUKS2 keyslot to new PBKDF parameters. +
+See *cryptsetup-luksConvertKey*(8).
+
+=== KILL SLOT
+*luksKillSlot <device> <key slot number>*
+
+Wipe the key-slot number <key slot> from the LUKS device. +
+See *cryptsetup-luksKillSlot*(8).
+
+=== ERASE
+*erase <device>* +
+luksErase <device> (*old syntax*)
+
+Erase all keyslots and make the LUKS container permanently inaccessible. +
+See *cryptsetup-erase*(8).
+
+=== UUID
+*luksUUID <device>*
+
+Print or set the UUID of a LUKS device. +
+See *cryptsetup-luksUUID*(8).
+
+=== IS LUKS
+*isLuks <device>*
+
+Returns true, if <device> is a LUKS device, false otherwise. +
+See *cryptsetup-isLuks*(8).
+
+=== DUMP
+*luksDump <device>*
+
+Dump the header information of a LUKS device. +
+See *cryptsetup-luksDump*(8).
+
+=== HEADER BACKUP
+*luksHeaderBackup <device> --header-backup-file <file>*
+
+Stores a binary backup of the LUKS header and keyslot area. +
+See *cryptsetup-luksHeaderBackup*(8).
+
+=== HEADER RESTORE
+*luksHeaderRestore <device> --header-backup-file <file>*
+
+Restores a binary backup of the LUKS header and keyslot area from the
+specified file. +
+See *cryptsetup-luksHeaderRestore*(8).
+
+=== TOKEN
+*token <add|remove|import|export> <device>*
+
+Manipulate token objects used for obtaining passphrases. +
+See *cryptsetup-token*(8).
+
+=== CONVERT
+*convert <device> --type <format>*
+
+Converts the device between LUKS1 and LUKS2 format (if possible). +
+See *cryptsetup-convert*(8).
+
+=== CONFIG
+*config <device>*
+
+Set permanent configuration options (store to LUKS header). +
+See *cryptsetup-config*(8).
+
+== loop-AES EXTENSION
+
+cryptsetup supports mapping loop-AES encrypted partition using a
+compatibility mode.
+
+=== OPEN
+*open --type loopaes <device> <name> --key-file <keyfile>* +
+loopaesOpen <device> <name> --key-file <keyfile> (*old syntax*)
+
+Opens the loop-AES <device> and sets up a mapping <name>. +
+See *cryptsetup-open*(8).
+
+See also section 7 of the FAQ and http://loop-aes.sourceforge.net[loop-AES]
+for more information regarding loop-AES.
+
+== TCRYPT (TrueCrypt and VeraCrypt compatible) EXTENSION
+
+cryptsetup supports mapping of TrueCrypt, tcplay or VeraCrypt encrypted
+partition using a native Linux kernel API. Header formatting and TCRYPT
+header change is not supported, cryptsetup never changes TCRYPT header
+on-device.
+
+TCRYPT extension requires kernel userspace crypto API to be available
+(introduced in Linux kernel 2.6.38). If you are configuring kernel
+yourself, enable "User-space interface for symmetric key cipher
+algorithms" in "Cryptographic API" section
+(CRYPTO_USER_API_SKCIPHER .config option).
+
+Because TCRYPT header is encrypted, you have to always provide valid
+passphrase and keyfiles.
+
+Cryptsetup should recognize all header variants, except legacy cipher
+chains using LRW encryption mode with 64 bits encryption block (namely
+Blowfish in LRW mode is not recognized, this is limitation of kernel
+crypto API).
+
+VeraCrypt is extension of TrueCrypt header with increased iteration
+count so unlocking can take quite a lot of time.
+
+To open a VeraCrypt device with a custom Personal Iteration Multiplier
+(PIM) value, use either the *--veracrypt-pim=<PIM>* option to directly
+specify the PIM on the command- line or use *--veracrypt-query-pim* to
+be prompted for the PIM.
+
+The PIM value affects the number of iterations applied during key
+derivation. Please refer to
+https://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20%28PIM%29.html[PIM]
+for more detailed information.
+
+If you need to disable VeraCrypt device support, use
+*--disable-veracrypt* option.
+
+*NOTE:* Activation with *tcryptOpen* is supported only for cipher chains
+using LRW or XTS encryption modes.
+
+The *tcryptDump* command should work for all recognized TCRYPT devices
+and doesn't require superuser privilege.
+
+To map system device (device with boot loader where the whole encrypted
+system resides) use *--tcrypt-system* option. You can use partition
+device as the parameter (parameter must be real partition device, not an
+image in a file), then only this partition is mapped.
+
+If you have the whole TCRYPT device as a file image and you want to map
+multiple partition encrypted with system encryption, please create
+loopback mapping with partitions first (*losetup -P*, see *losetup(8)*
+man page for more info), and use loop partition as the device parameter.
+
+If you use the whole base device as a parameter, one device for the
+whole system encryption is mapped. This mode is available only for
+backward compatibility with older cryptsetup versions which mapped
+TCRYPT system encryption using the whole device.
+
+To use hidden header (and map hidden device, if available), use
+*--tcrypt-hidden* option.
+
+To explicitly use backup (secondary) header, use *--tcrypt-backup*
+option.
+
+*NOTE:* There is no protection for a hidden volume if the outer volume
+is mounted. The reason is that if there were any protection, it would
+require some metadata describing what to protect in the outer volume and
+the hidden volume would become detectable.
+
+=== OPEN
+*open --type tcrypt <device> <name>* +
+tcryptOpen_ <device> <name> (*old syntax*)
+
+Opens the TCRYPT (a TrueCrypt-compatible) <device> and sets up a mapping
+<name>. +
+See *cryptsetup-open*(8).
+
+=== DUMP
+*tcryptDump <device>*
+
+Dump the header information of a TCRYPT device. +
+See *cryptsetup-tcryptDump*(8).
+
+See also https://en.wikipedia.org/wiki/TrueCrypt[*TrueCrypt*] and
+https://en.wikipedia.org/wiki/VeraCrypt[*VeraCrypt*] pages for more information.
+
+Please note that cryptsetup does not use TrueCrypt or VeraCrypt code, please
+report all problems related to this compatibility extension to the cryptsetup
+project.
+
+== BITLK (Windows BitLocker compatible) EXTENSION
+
+cryptsetup supports mapping of BitLocker and BitLocker to Go encrypted
+partition using a native Linux kernel API. Header formatting and BITLK
+header changes are not supported, cryptsetup never changes BITLK header
+on-device.
+
+BITLK extension requires kernel userspace crypto API to be available
+(for details see TCRYPT section).
+
+Cryptsetup should recognize all BITLK header variants, except legacy
+header used in Windows Vista systems and partially decrypted BitLocker
+devices. Activation of legacy devices encrypted in CBC mode requires at
+least Linux kernel version 5.3 and for devices using Elephant diffuser
+kernel 5.6.
+
+The *bitlkDump* command should work for all recognized BITLK devices and
+doesn't require superuser privilege.
+
+For unlocking with the *open* a password or a recovery passphrase or a
+startup key must be provided.
+
+Additionally unlocking using volume key is supported. You must provide
+BitLocker Full Volume Encryption Key (FVEK) using the --volume-key-file
+option. The key must be decrypted and without the header (only
+128/256/512 bits of key data depending on used cipher and mode).
+
+Other unlocking methods (TPM, SmartCard) are not supported.
+
+=== OPEN
+*open --type bitlk <device> <name>* +
+bitlkOpen <device> <name> (*old syntax*)
+
+Opens the BITLK (a BitLocker-compatible) <device> and sets up a mapping
+<name>. +
+See *cryptsetup-open*(8).
+
+=== DUMP
+*bitlkDump <device>*
+
+Dump the header information of a BITLK device. +
+See *cryptsetup-bitlkDump*(8).
+
+Please note that cryptsetup does not use any Windows BitLocker code,
+please report all problems related to this compatibility extension to
+the cryptsetup project.
+
+== FVAULT2 (Apple macOS FileVault2 compatible) EXTENSION
+
+cryptsetup supports the mapping of FileVault2 (FileVault2 full-disk
+encryption) by Apple for the macOS operating system using a native Linux
+kernel API.
+
+*NOTE:* cryptsetup supports only FileVault2 based on Core Storage and HFS+
+filesystem (introduced in MacOS X 10.7 Lion).
+It does NOT support the new version of FileVault based on the APFS
+filesystem used in recent macOS versions.
+
+Header formatting and FVAULT2 header changes are not supported;
+cryptsetup never changes the FVAULT2 header on-device.
+
+FVAULT2 extension requires kernel userspace crypto API to be available
+(for details, see TCRYPT section) and kernel driver for HFS+ (hfsplus)
+filesystem.
+
+Cryptsetup should recognize the basic configuration for portable drives.
+
+The *fvault2Dump* command should work for all recognized FVAULT2 devices
+and doesn't require superuser privilege.
+
+For unlocking with the *open*, a password must be provided.
+Other unlocking methods are not supported.
+
+=== OPEN
+*open --type fvault2 <device> <name>* +
+fvault2Open <device> <name> (*old syntax*)
+
+Opens the FVAULT2 (a FileVault2-compatible) <device> (usually the second
+partition on the device) and sets up a mapping <name>. +
+See *cryptsetup-open*(8).
+
+=== DUMP
+*fvault2Dump <device>*
+
+Dump the header information of an FVAULT2 device. +
+See *cryptsetup-fvault2Dump*(8).
+
+Note that cryptsetup does not use any macOS code or proprietary
+specifications. Please report all problems related to this compatibility
+extension to the cryptsetup project.
+
+== MISCELLANEOUS ACTIONS
+
+=== REPAIR
+*repair <device>*
+
+Tries to repair the device metadata if possible. Currently supported
+only for LUKS device type. +
+See *cryptsetup-repair*(8).
+
+=== BENCHMARK
+*benchmark <options>*
+
+Benchmarks ciphers and KDF (key derivation function). +
+See *cryptsetup-benchmark*(8).
+
+== PLAIN DM-CRYPT OR LUKS?
+
+Unless you understand the cryptographic background well, use LUKS. With
+plain dm-crypt there are a number of possible user errors that massively
+decrease security. While LUKS cannot fix them all, it can lessen the
+impact for many of them.
+
+== WARNINGS
+
+A lot of good information on the risks of using encrypted storage, on
+handling problems and on security aspects can be found in the
+Cryptsetup FAQ. Read it. Nonetheless, some risks deserve to be
+mentioned here.
+
+*Backup:* Storage media die. Encryption has no influence on that. Backup
+is mandatory for encrypted data as well, if the data has any worth. See
+the Cryptsetup FAQ for advice on how to do a backup of an encrypted
+volume.
+
+*Character encoding:* If you enter a passphrase with special symbols,
+the passphrase can change depending on character encoding. Keyboard
+settings can also change, which can make blind input hard or impossible.
+For example, switching from some ASCII 8-bit variant to UTF-8 can lead
+to a different binary encoding and hence different passphrase seen by
+cryptsetup, even if what you see on the terminal is exactly the same. It
+is therefore highly recommended to select passphrase characters only
+from 7-bit ASCII, as the encoding for 7-bit ASCII stays the same for all
+ASCII variants and UTF-8.
+
+*LUKS header:* If the header of a LUKS volume gets damaged, all data is
+permanently lost unless you have a header-backup. If a key-slot is
+damaged, it can only be restored from a header-backup or if another
+active key-slot with known passphrase is undamaged. Damaging the LUKS
+header is something people manage to do with surprising frequency. This
+risk is the result of a trade-off between security and safety, as LUKS
+is designed for fast and secure wiping by just overwriting header and
+key-slot area.
+
+*Previously used partitions:* If a partition was previously used, it is
+a very good idea to wipe filesystem signatures, data, etc. before
+creating a LUKS or plain dm-crypt container on it. For a quick removal
+of filesystem signatures, use *wipefs*(8). Take care though that this may
+not remove everything. In particular, MD RAID signatures at the end of a
+device may survive. It also does not remove data. For a full wipe,
+overwrite the whole partition before container creation. If you do not
+know how to do that, the cryptsetup FAQ describes several options.
+
+== EXAMPLES
+
+Example 1: Create LUKS 2 container on block device /dev/sdX.::
+  sudo cryptsetup --type luks2 luksFormat /dev/sdX
+Example 2: Add an additional passphrase to key slot 5.::
+  sudo cryptsetup luksAddKey --key-slot 5 /dev/sdX
+Example 3: Create LUKS header backup and save it to file.::
+  sudo cryptsetup luksHeaderBackup /dev/sdX --header-backup-file
+  /var/tmp/NameOfBackupFile
+Example 4: Open LUKS container on /dev/sdX and map it to sdX_crypt.::
+  sudo cryptsetup open /dev/sdX sdX_crypt
+*WARNING: The command in example 5 will erase all key slots.*::
+  Your cannot use your LUKS container afterward anymore unless you have
+  a backup to restore.
+Example 5: Erase all key slots on /dev/sdX.::
+  sudo cryptsetup erase /dev/sdX
+Example 6: Restore LUKS header from backup file.::
+  sudo cryptsetup luksHeaderRestore /dev/sdX --header-backup-file
+  /var/tmp/NameOfBackupFile
+
+== RETURN CODES
+
+Cryptsetup returns *0* on success and a non-zero value on error.
+
+Error codes are: *1* wrong parameters, *2* no permission (bad passphrase),
+*3* out of memory, *4* wrong device specified, *5* device already exists
+or device is busy.
+
+== NOTES
+
+=== Passphrase processing for PLAIN mode
+
+Note that no iterated hashing or salting is done in plain mode. If
+hashing is done, it is a single direct hash. This means that low-entropy
+passphrases are easy to attack in plain mode.
+
+*From a terminal*: The passphrase is read until the first newline, i.e.
+'\n'. The input without the newline character is processed with the
+default hash or the hash specified with --hash. The hash result will be
+truncated to the key size of the used cipher, or the size specified with
+-s.
+
+*From stdin*: Reading will continue until a newline (or until the
+maximum input size is reached), with the trailing newline stripped. The
+maximum input size is defined by the same compiled-in default as for the
+maximum key file size and can be overwritten using --keyfile-size
+option.
+
+The data read will be hashed with the default hash or the hash specified
+with --hash. The hash result will be truncated to the key size of the
+used cipher, or the size specified with -s.
+
+Note that if --key-file=- is used for reading the key from stdin,
+trailing newlines are not stripped from the input.
+
+If "plain" is used as argument to --hash, the input data will not be
+hashed. Instead, it will be zero padded (if shorter than the key size)
+or truncated (if longer than the key size) and used directly as the
+binary key. This is useful for directly specifying a binary key. No
+warning will be given if the amount of data read from stdin is less than
+the key size.
+
+*From a key file*: It will be truncated to the key size of the used
+cipher or the size given by -s and directly used as a binary key.
+
+*WARNING*: The --hash argument is being ignored. The --hash option is
+usable only for stdin input in plain mode.
+
+If the key file is shorter than the key, cryptsetup will quit with an
+error. The maximum input size is defined by the same compiled-in default
+as for the maximum key file size and can be overwritten using
+--keyfile-size option.
+
+=== Passphrase processing for LUKS
+
+LUKS uses PBKDF to protect against dictionary attacks and to give some
+protection to low-entropy passphrases (see cryptsetup FAQ).
+
+*From a terminal*: The passphrase is read until the first newline and
+then processed by PBKDF2 without the newline character.
+
+*From stdin*: LUKS will read passphrases from stdin up to the first
+newline character or the compiled-in maximum key file length. If
+--keyfile-size is given, it is ignored.
+
+*From key file*: The complete keyfile is read up to the compiled-in
+maximum size. Newline characters do not terminate the input. The
+--keyfile-size option can be used to limit what is read.
+
+*Passphrase processing*: Whenever a passphrase is added to a LUKS header
+(luksAddKey, luksFormat), the user may specify how much the time the
+passphrase processing should consume. The time is used to determine the
+iteration count for PBKDF2 and higher times will offer better protection
+for low-entropy passphrases, but open will take longer to complete. For
+passphrases that have entropy higher than the used key length, higher
+iteration times will not increase security.
+
+The default setting of one or two seconds is sufficient for most
+practical cases. The only exception is a low-entropy passphrase used on
+a device with a slow CPU, as this will result in a low iteration count.
+On a slow device, it may be advisable to increase the iteration time
+using the --iter-time option in order to obtain a higher iteration
+count. This does slow down all later luksOpen operations accordingly.
+
+=== Incoherent behavior for invalid passphrases/keys
+
+LUKS checks for a valid passphrase when an encrypted partition is
+unlocked. The behavior of plain dm-crypt is different. It will always
+decrypt with the passphrase given. If the given passphrase is wrong, the
+device mapped by plain dm-crypt will essentially still contain encrypted
+data and will be unreadable.
+
+=== Supported ciphers, modes, hashes and key sizes
+
+The available combinations of ciphers, modes, hashes and key sizes
+depend on kernel support. See /proc/crypto for a list of available
+options. You might need to load additional kernel crypto modules in
+order to get more options.
+
+For the --hash option, if the crypto backend is libgcrypt, then all
+algorithms supported by the gcrypt library are available. For other
+crypto backends, some algorithms may be missing.
+
+=== Notes on passphrases
+
+Mathematics can't be bribed. Make sure you keep your passphrases safe.
+There are a few nice tricks for constructing a fallback, when suddenly
+out of the blue, your brain refuses to cooperate. These fallbacks need
+LUKS, as it's only possible with LUKS to have multiple passphrases.
+Still, if your attacker model does not prevent it, storing your
+passphrase in a sealed envelope somewhere may be a good idea as well.
+
+=== Notes on Random Number Generators
+
+Random Number Generators (RNG) used in cryptsetup are always the kernel
+RNGs without any modifications or additions to data stream produced.
+
+There are two types of randomness cryptsetup/LUKS needs. One type (which
+always uses /dev/urandom) is used for salts, the AF splitter and for
+wiping deleted keyslots.
+
+The second type is used for the volume key. You can switch between using
+/dev/random and /dev/urandom here, see *--use-random* and
+*--use-urandom* options. Using /dev/random on a system without enough
+entropy sources can cause *luksFormat* to block until the requested
+amount of random data is gathered. In a low-entropy situation (embedded
+system), this can take a very long time and potentially forever. At the
+same time, using /dev/urandom in a low-entropy situation will produce
+low-quality keys. This is a serious problem, but solving it is out of
+scope for a mere man-page. See *urandom(4)* for more information.
+
+=== Authenticated disk encryption (EXPERIMENTAL)
+
+Since Linux kernel version 4.12 dm-crypt supports authenticated disk
+encryption.
+
+Normal disk encryption modes are length-preserving (plaintext sector is
+of the same size as a ciphertext sector) and can provide only
+confidentiality protection, but not cryptographically sound data
+integrity protection.
+
+Authenticated modes require additional space per-sector for
+authentication tag and use Authenticated Encryption with Additional Data
+(AEAD) algorithms.
+
+If you configure LUKS2 device with data integrity protection, there will
+be an underlying dm-integrity device, which provides additional
+per-sector metadata space and also provide data journal protection to
+ensure atomicity of data and metadata update. Because there must be
+additional space for metadata and journal, the available space for the
+device will be smaller than for length-preserving modes.
+
+The dm-crypt device then resides on top of such a dm-integrity device.
+All activation and deactivation of this device stack is performed by
+cryptsetup, there is no difference in using *luksOpen* for integrity
+protected devices. If you want to format LUKS2 device with data
+integrity protection, use *--integrity* option.
+
+Since dm-integrity doesn't support discards (TRIM), dm-crypt device on
+top of it inherits this, so integrity protection mode doesn't support
+discards either.
+
+Some integrity modes requires two independent keys (key for encryption
+and for authentication). Both these keys are stored in one LUKS keyslot.
+
+*WARNING:* All support for authenticated modes is experimental and there
+are only some modes available for now. Note that there are a very few
+authenticated encryption algorithms that are suitable for disk
+encryption. You also cannot use CRC32 or any other non-cryptographic
+checksums (other than the special integrity mode "none"). If for some
+reason you want to have integrity control without using authentication
+mode, then you should separately configure dm-integrity independently of
+LUKS2.
+
+=== Notes on loopback device use
+
+Cryptsetup is usually used directly on a block device (disk partition or
+LVM volume). However, if the device argument is a file, cryptsetup tries
+to allocate a loopback device and map it into this file. This mode
+requires Linux kernel 2.6.25 or more recent which supports the loop
+autoclear flag (loop device is cleared on the last close automatically).
+Of course, you can always map a file to a loop-device manually. See the
+cryptsetup FAQ for an example.
+
+When device mapping is active, you can see the loop backing file in the
+status command output. Also see losetup(8).
+
+=== LUKS2 header locking
+
+The LUKS2 on-disk metadata is updated in several steps and to achieve
+proper atomic update, there is a locking mechanism. For an image in
+file, code uses *flock(2)* system call. For a block device, lock is
+performed over a special file stored in a locking directory (by default
+*/run/cryptsetup*). The locking directory should be created with the
+proper security context by the distribution during the boot-up phase.
+Only LUKS2 uses locks, other formats do not use this mechanism.
+
+=== LUKS on-disk format specification
+
+For LUKS on-disk metadata specification see
+https://gitlab.com/cryptsetup/cryptsetup/wikis/Specification[*LUKS1*] and
+https://gitlab.com/cryptsetup/LUKS2-docs[*LUKS2*].
+
+== AUTHORS
+
+Cryptsetup is originally written by mailto:jana@saout.de[Jana Saout]. +
+The LUKS extensions and original man page were written by
+mailto:clemens@endorphin.org[Clemens Fruhwirth]. +
+Man page extensions by mailto:gmazyland@gmail.com[Milan Broz]. +
+Man page rewrite and extension by mailto:arno@wagner.name[Arno Wagner].
+
+include::man/common_footer.adoc[]
diff --git a/man/integritysetup.8 b/man/integritysetup.8
deleted file mode 100644
index cce7760..0000000
--- a/man/integritysetup.8
+++ /dev/null
@@ -1,255 +0,0 @@
-.TH INTEGRITYSETUP "8" "January 2021" "integritysetup" "Maintenance Commands"
-.SH NAME
-integritysetup - manage dm-integrity (block level integrity) volumes
-.SH SYNOPSIS
-.B integritysetup <options> <action> <action args>
-.SH DESCRIPTION
-.PP
-Integritysetup is used to configure dm-integrity managed device-mapper mappings.
-
-Device-mapper integrity target provides read-write transparent integrity
-checking of block devices. The dm-integrity target emulates additional data
-integrity field per-sector. You can use this additional field directly
-with integritysetup utility, or indirectly (for authenticated encryption)
-through cryptsetup.
-
-Integritysetup supports these operations:
-.PP
-\fIformat\fR <device>
-.IP
-Formats <device> (calculates space and dm-integrity superblock and wipes the device).
-
-\fB<options>\fR can be [\-\-data\-device, \-\-batch\-mode, \-\-no\-wipe, \-\-journal\-size,
-\-\-interleave\-sectors, \-\-tag\-size, \-\-integrity, \-\-integrity\-key\-size,
-\-\-integrity\-key\-file, \-\-sector\-size, \-\-progress-frequency]
-
-.PP
-\fIopen\fR <device> <name>
-.br
-\fIcreate\fR <name> <device> (\fBOBSOLETE syntax\fR)
-.IP
-Open a mapping with <name> backed by device <device>.
-
-\fB<options>\fR can be [\-\-data\-device, \-\-batch\-mode, \-\-journal\-watermark,
-\-\-journal\-commit\-time, \-\-buffer\-sectors, \-\-integrity, \-\-integrity\-key\-size,
-\-\-integrity\-key\-file, \-\-integrity\-no\-journal, \-\-integrity\-recalculate,
-\-\-integrity\-recovery\-mode, \-\-allow\-discards]
-
-.PP
-\fIclose\fR <name>
-.IP
-Removes existing mapping <name>.
-
-For backward compatibility, there is \fBremove\fR command alias
-for the \fBclose\fR command.
-.PP
-\fIstatus\fR <name>
-.IP
-Reports status for the active integrity mapping <name>.
-.PP
-\fIdump\fR <device>
-.IP
-Reports parameters from on-disk stored superblock.
-
-.SH OPTIONS
-.TP
-.B "\-\-verbose, \-v"
-Print more information on command execution.
-.TP
-.B "\-\-debug"
-Run in debug mode with full diagnostic logs. Debug output
-lines are always prefixed by '#'.
-.TP
-.B "\-\-version"
-Show the program version.
-.TP
-.B "\-\-batch\-mode"
-Do not ask for confirmation.
-.TP
-.B "\-\-progress-frequency <seconds>"
-Print separate line every <seconds> with wipe progress.
-.TP
-.B "\-\-no\-wipe"
-Do not wipe the device after format. A device that is not initially wiped will contain invalid checksums.
-.TP
-.B "\-\-journal\-size, \-j BYTES"
-Size of the journal.
-.TP
-.B "\-\-interleave\-sectors SECTORS"
-The number of interleaved sectors.
-.TP
-.B "\-\-integrity\-recalculate"
-Automatically recalculate integrity tags in kernel on activation.
-The device can be used during automatic integrity recalculation but becomes fully
-integrity protected only after the background operation is finished.
-This option is available since the Linux kernel version 4.19.
-.TP
-.B "\-\-journal\-watermark PERCENT"
-Journal watermark in percents. When the size of the journal exceeds this watermark,
-the journal flush will be started.
-.TP
-.B "\-\-journal\-commit\-time MS"
-Commit time in milliseconds. When this time passes (and no explicit flush operation was issued),
-the journal is written.
-.TP
-.B "\-\-tag\-size, \-t BYTES"
-Size of the integrity tag per-sector (here the integrity function will store authentication tag).
-
-\fBNOTE:\fR The size can be smaller that output size of the hash function, in that case only
-part of the hash will be stored.
-.TP
-.B "\-\-data\-device"
-Specify a separate data device that contains existing data. The <device> then will contain
-calculated integrity tags and journal for this data device.
-.TP
-.B "\-\-sector\-size, \-s BYTES"
-Sector size (power of two: 512, 1024, 2048, 4096).
-.TP
-.B "\-\-buffer\-sectors SECTORS"
-The number of sectors in one buffer.
-
-The tag area is accessed using buffers, the large buffer size means that the I/O size will
-be larger, but there could be less I/Os issued.
-.TP
-.B "\-\-integrity, \-I ALGORITHM"
-Use internal integrity calculation (standalone mode).
-The integrity algorithm can be CRC (crc32c/crc32) or hash function (sha1, sha256).
-
-For HMAC (hmac-sha256) you have also to specify an integrity key and its size.
-.TP
-.B "\-\-integrity\-key\-size BYTES"
-The size of the data integrity key. Maximum is 4096 bytes.
-.TP
-.B "\-\-integrity\-key\-file FILE"
-The file with the integrity key.
-.TP
-.B "\-\-integrity\-no\-journal, \-D"
-Disable journal for integrity device.
-.TP
-.B "\-\-integrity\-bitmap\-mode. \-B"
-Use alternate bitmap mode (available since Linux kernel 5.2)  where dm-integrity uses bitmap
-instead of a journal. If a bit in the bitmap is 1, the corresponding region's data and integrity tags
-are not synchronized - if the machine crashes, the unsynchronized regions will be recalculated.
-The bitmap mode is faster than the journal mode, because we don't have to write the data
-twice, but it is also less reliable, because if data corruption happens
-when the machine crashes, it may not be detected.
-.TP
-.B "\-\-bitmap\-sectors\-per\-bit SECTORS"
-Number of 512-byte sectors per bitmap bit, the value must be power of two.
-.TP
-.B "\-\-bitmap\-flush\-time MS"
-Bitmap flush time in milliseconds.
-.TP
-
-\fBWARNING:\fR
-In case of a crash, it is possible that the data and integrity tag doesn't match
-if the journal is disabled.
-.TP
-.B "\-\-integrity\-recovery\-mode. \-R"
-Recovery mode (no journal, no tag checking).
-.TP
-
-\fBNOTE:\fR The following options are intended for testing purposes only.
-Using journal encryption does not make sense without encryption the data,
-these options are internally used in authenticated disk encryption with \fBcryptsetup(8)\fR.
-.TP
-.B "\-\-journal\-integrity ALGORITHM"
-Integrity algorithm for journal area.
-See \-\-integrity option for detailed specification.
-.TP
-.B "\-\-journal\-integrity\-key\-size BYTES"
-The size of the journal integrity key. Maximum is 4096 bytes.
-.TP
-.B "\-\-journal\-integrity\-key\-file FILE"
-The file with the integrity key.
-.TP
-.B "\-\-journal\-crypt ALGORITHM"
-Encryption algorithm for journal data area.
-You can use a block cipher here such as cbc-aes or
-a stream cipher, for example, chacha20 or ctr-aes.
-.TP
-.B "\-\-journal\-crypt\-key\-size BYTES"
-The size of the journal encryption key. Maximum is 4096 bytes.
-.TP
-.B "\-\-journal\-crypt\-key\-file FILE"
-The file with the journal encryption key.
-.TP
-.B "\-\-allow\-discards\fR"
-Allow the use of discard (TRIM) requests for the device.
-This option is available since the Linux kernel version 5.7.
-.TP
-The dm-integrity target is available since Linux kernel version 4.12.
-.TP
-\fBNOTE:\fR
-Format and activation of an integrity device always require superuser
-privilege because the superblock is calculated and handled in dm-integrity kernel target.
-
-.SH LEGACY COMPATIBILITY OPTIONS
-.TP
-\fBWARNING:\fR
-Do not use these options until you need compatibility with specific old kernel.
-.TP
-.B "\-\-integrity\-legacy\-padding"
-Use inefficient legacy padding.
-.TP
-.B "\-\-integrity\-legacy\-hmac"
-Use old flawed HMAC calclation (also does not protect superblock).
-.TP
-.B "\-\-integrity\-legacy\-recalculate"
-Allow insecure recalculating of volumes with HMAC keys (recalcualtion offset in superblock
-is not protected).
-
-.SH RETURN CODES
-Integritysetup returns 0 on success and a non-zero value on error.
-
-Error codes are:
-    1 wrong parameters
-    2 no permission
-    3 out of memory
-    4 wrong device specified
-    5 device already exists, or device is busy.
-
-.SH EXAMPLES
-Format the device with default standalone mode (CRC32C):
-
-.B "integritysetup format <device>"
-
-Open the device with default parameters:
-
-.B "integritysetup open <device> test"
-
-Format the device in standalone mode for use with HMAC(SHA256):
-
-.B "integritysetup format <device> \-\-tag\-size 32 \-\-integrity hmac\-sha256 \
-\-\-integrity\-key\-file <keyfile> \-\-integrity\-key\-size <key_bytes>"
-
-Open (activate) the device with HMAC(SHA256) and HMAC key in file:
-
-.B "integritysetup open <device> test \-\-integrity hmac\-sha256 \
-\-\-integrity\-key\-file <keyfile> \-\-integrity\-key\-size <key_bytes>"
-
-Dump dm-integrity superblock information:
-
-.B "integritysetup dump <device>"
-
-.SH REPORTING BUGS
-Report bugs, including ones in the documentation, on
-the cryptsetup mailing list at <dm-crypt@saout.de>
-or in the 'Issues' section on LUKS website.
-Please attach the output of the failed command with the
-\-\-debug option added.
-.SH AUTHORS
-The integritysetup tool is written by Milan Broz <gmazyland@gmail.com>
-and is part of the cryptsetup project.
-.SH COPYRIGHT
-Copyright \(co 2016-2021 Red Hat, Inc.
-.br
-Copyright \(co 2016-2021 Milan Broz
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-.SH SEE ALSO
-The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
-
-The integrity on-disk format specification available at
-\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity\fR
diff --git a/man/integritysetup.8.adoc b/man/integritysetup.8.adoc
new file mode 100644
index 0000000..2aec1a6
--- /dev/null
+++ b/man/integritysetup.8.adoc
@@ -0,0 +1,334 @@
+= integritysetup(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: integritysetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== NAME
+
+integritysetup - manage dm-integrity (block level integrity) volumes
+
+== SYNOPSIS
+
+*integritysetup <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+Integritysetup is used to configure dm-integrity managed device-mapper
+mappings.
+
+Device-mapper integrity target provides read-write transparent integrity
+checking of block devices. The dm-integrity target emulates an additional
+data integrity field per-sector. You can use this additional field
+directly with integritysetup utility, or indirectly (for authenticated
+encryption) through cryptsetup.
+
+== BASIC ACTIONS
+
+Integritysetup supports these operations:
+
+=== FORMAT
+*format <device>*
+
+Formats <device> (calculates space and dm-integrity superblock and wipes
+the device).
+
+*<options>* can be [--data-device, --batch-mode, --no-wipe,
+--journal-size, --interleave-sectors, --tag-size, --integrity,
+--integrity-key-size, --integrity-key-file, --sector-size,
+--progress-frequency, --progress-json].
+
+=== OPEN
+*open <device> <name>* +
+create <name> <device> (*OBSOLETE syntax*)
+
+Open a mapping with <name> backed by device <device>.
+
+*<options>* can be [--data-device, --batch-mode, --journal-watermark,
+--journal-commit-time, --buffer-sectors, --integrity,
+--integrity-key-size, --integrity-key-file, --integrity-no-journal,
+--integrity-recalculate,
+--integrity-recalculate-reset,--integrity-recovery-mode,
+--allow-discards].
+
+=== CLOSE
+*close <name>* +
+remove <name> (*OBSOLETE syntax*)
+
+Removes existing mapping <name>.
+
+*<options>* can be [--deferred] or [--cancel-deferred]
+
+=== STATUS
+*status <name>*
+
+Reports status for the active integrity mapping <name>.
+
+=== DUMP
+*dump <device>*
+
+Reports parameters from on-disk stored superblock.
+
+=== RESIZE
+*resize <name>*
+
+Resizes an active mapping <name>.
+
+If --size (in 512-bytes sectors) or --device-size are not specified, the
+size is computed from the underlying device. After resize, the
+*recalculating* flag is set. If --wipe flag is set and the size of the
+device is increased, the newly added section will be wiped.
+
+Increasing the size of integrity volumes is available since the Linux
+kernel version 5.7, shrinking should work on older kernels too.
+
+*<options>* can be [--size, --device-size, --wipe].
+
+== OPTIONS
+*--progress-frequency <seconds>*::
+Print separate line every <seconds> with wipe progress.
+
+*--progress-json*::
+Prints wipe progress data in json format suitable mostly for machine
+processing. It prints separate line every half second (or based on
+--progress-frequency value). The JSON output looks as follows during
+wipe progress (except it's compact single line):
++
+....
+{
+  "device":"/dev/sda"       // backing device or file
+  "device_bytes":"8192",    // bytes wiped so far
+  "device_size":"44040192", // total bytes to wipe
+  "speed":"126877696",      // calculated speed in bytes per second (based on progress so far)
+  "eta_ms":"2520012"        // estimated time to finish wipe in milliseconds
+  "time_ms":"5561235"       // total time spent wiping device in milliseconds
+}
+....
++
+Note on numbers in JSON output: Due to JSON parsers limitations all
+numbers are represented in a string format due to need of full 64bit
+unsigned integers.
+
+*--no-wipe*::
+Do not wipe the device after format. A device that is not initially
+wiped will contain invalid checksums.
+
+*--wipe*::
+Wipe the newly allocated area after resize to bigger size. If this
+flag is not set, checksums will be calculated for the data previously
+stored in the newly allocated area.
+
+*--journal-size, -j BYTES*::
+Size of the journal.
+
+*--interleave-sectors SECTORS*::
+The number of interleaved sectors.
+
+*--integrity-recalculate*::
+Automatically recalculate integrity tags in kernel on activation. The
+device can be used during automatic integrity recalculation but
+becomes fully integrity protected only after the background operation
+is finished. This option is available since the Linux kernel version
+4.19.
+
+*--integrity-recalculate-reset*::
+Restart recalculation from the beginning of the device. It can be used
+to change the integrity checksum function. Note it does not change the
+tag length. This option is available since the Linux kernel version
+5.13.
+
+*--journal-watermark PERCENT*::
+Journal watermark in percents. When the size of the journal exceeds
+this watermark, the journal flush will be started.
+
+*--journal-commit-time MS*::
+Commit time in milliseconds. When this time passes (and no explicit
+flush operation was issued), the journal is written.
+
+*--tag-size, -t BYTES*::
+Size of the integrity tag per-sector (here the integrity function will
+store authentication tag).
++
+*NOTE:* The size can be smaller that output size of the hash function,
+in that case only part of the hash will be stored.
+
+*--data-device <data_device>*::
+Specify a separate data device that contains existing data. The
+<device> then will contain calculated integrity tags and journal for
+data on <data_device>.
++
+*NOTE:* To not wipe the data device after initial format, also specify
+--no-wipe option and activate with --integrity-recalculate to
+automatically recalculate integrity tags.
+
+*--sector-size, -s BYTES*::
+Sector size (power of two: 512, 1024, 2048, 4096).
+
+*--buffer-sectors SECTORS*::
+The number of sectors in one buffer.
++
+The tag area is accessed using buffers, the large buffer size means that
+the I/O size will be larger, but there could be less I/Os issued.
+
+*--integrity, -I ALGORITHM*::
+Use internal integrity calculation (standalone mode). The integrity
+algorithm can be CRC (crc32c/crc32), non-cryptographic hash function
+(xxhash64) or hash function (sha1, sha256).
++
+For HMAC (hmac-sha256) you have also to specify an integrity key and its
+size.
+
+*--integrity-key-size BYTES*::
+The size of the data integrity key. Maximum is 4096 bytes.
+
+*--integrity-key-file FILE*::
+The file with the integrity key.
+
+*--integrity-no-journal, -D*::
+Disable journal for integrity device.
+
+*--integrity-bitmap-mode. -B*::
+Use alternate bitmap mode (available since Linux kernel 5.2) where
+dm-integrity uses bitmap instead of a journal. If a bit in the bitmap
+is 1, the corresponding region's data and integrity tags are not
+synchronized - if the machine crashes, the unsynchronized regions will
+be recalculated. The bitmap mode is faster than the journal mode,
+because we don't have to write the data twice, but it is also less
+reliable, because if data corruption happens when the machine crashes,
+it may not be detected.
+
+*--bitmap-sectors-per-bit SECTORS*::
+Number of 512-byte sectors per bitmap bit, the value must be power of
+two.
+
+*--bitmap-flush-time MS*::
+Bitmap flush time in milliseconds.
++
+*WARNING:*::
+In case of a crash, it is possible that the data and integrity tag
+doesn't match if the journal is disabled.
+
+*--integrity-recovery-mode. -R*::
+Recovery mode (no journal, no tag checking).
+
+*NOTE:* The following options are intended for testing purposes only.:
+Using journal encryption does not make sense without encryption the
+data, these options are internally used in authenticated disk
+encryption with *cryptsetup(8)*.
+
+*--journal-integrity ALGORITHM*::
+Integrity algorithm for journal area. See --integrity option for
+detailed specification.
+
+*--journal-integrity-key-size BYTES*::
+The size of the journal integrity key. Maximum is 4096 bytes.
+
+*--journal-integrity-key-file FILE*::
+The file with the integrity key.
+
+*--journal-crypt ALGORITHM*::
+Encryption algorithm for journal data area. You can use a block cipher
+here such as cbc-aes or a stream cipher, for example, chacha20 or
+ctr-aes.
+
+*--journal-crypt-key-size BYTES*::
+The size of the journal encryption key. Maximum is 4096 bytes.
+
+*--journal-crypt-key-file FILE*::
+The file with the journal encryption key.
+
+*--allow-discards*::
+Allow the use of discard (TRIM) requests for the device. This option
+is available since the Linux kernel version 5.7.
+
+*--deferred*::
+Defers device removal in *close* command until the last user closes
+it.
+
+*--cancel-deferred*::
+Removes a previously configured deferred device removal in *close*
+command.
+
+*--verbose, -v*::
+Print more information on command execution.
+
+*--debug*::
+Run in debug mode with full diagnostic logs. Debug output lines are
+always prefixed by *#*.
+
+*--version, -V*::
+Show the program version.
+
+*--batch-mode, -q*::
+Do not ask for confirmation.
+
+*--usage*::
+Show short option help.
+
+*--help, -?*::
+Show help text and default parameters.
+
+== LEGACY COMPATIBILITY OPTIONS
+
+*WARNING:*::
+Do not use these options until you need compatibility with specific
+old kernel.
+
+*--integrity-legacy-padding*::
+Use inefficient legacy padding.
+
+*--integrity-legacy-hmac*::
+Use old flawed HMAC calculation (also does not protect superblock).
+
+*--integrity-legacy-recalculate*::
+Allow insecure recalculating of volumes with HMAC keys (recalculation
+offset in superblock is not protected).
+
+== RETURN CODES
+
+Integritysetup returns *0* on success and a non-zero value on error.
+
+Error codes are: *1* wrong parameters, *2* no permission, *3* out of memory,
+*4* wrong device specified, *5* device already exists or device is busy.
+
+== NOTES
+The dm-integrity target is available since Linux kernel version 4.12.
+
+Format and activation of an integrity device always require superuser
+privilege because the superblock is calculated and handled in
+dm-integrity kernel target.
+
+== EXAMPLES
+
+Format the device with default standalone mode (CRC32C):
+
+*integritysetup format <device>*
+
+Open the device with default parameters:
+
+*integritysetup open <device> test*
+
+Format the device in standalone mode for use with HMAC(SHA256):
+
+*integritysetup format <device> --tag-size 32 --integrity hmac-sha256
+--integrity-key-file <keyfile> --integrity-key-size <key_bytes>*
+
+Open (activate) the device with HMAC(SHA256) and HMAC key in file:
+
+*integritysetup open <device> test --integrity hmac-sha256
+--integrity-key-file <keyfile> --integrity-key-size <key_bytes>*
+
+Dump dm-integrity superblock information:
+
+*integritysetup dump <device>*
+
+== DM-INTEGRITY ON-DISK FORMAT
+
+The on-disk format specification available at
+https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity[*DMIntegrity*] page.
+
+== AUTHORS
+
+The integritysetup tool is written by mailto:gmazyland@gmail.com[Milan Broz].
+
+include::man/common_footer.adoc[]
diff --git a/man/veritysetup.8 b/man/veritysetup.8
deleted file mode 100644
index ccdfe62..0000000
--- a/man/veritysetup.8
+++ /dev/null
@@ -1,245 +0,0 @@
-.TH VERITYSETUP "8" "January 2021" "veritysetup" "Maintenance Commands"
-.SH NAME
-veritysetup - manage dm-verity (block level verification) volumes
-.SH SYNOPSIS
-.B veritysetup <options> <action> <action args>
-.SH DESCRIPTION
-.PP
-Veritysetup is used to configure dm-verity managed device-mapper mappings.
-
-Device-mapper verity target provides read-only transparent integrity
-checking of block devices using kernel crypto API.
-
-The dm-verity devices are always read-only.
-
-Veritysetup supports these operations:
-.PP
-\fIformat\fR <data_device> <hash_device>
-.IP
-Calculates and permanently stores hash verification data for data_device.
-Hash area can be located on the same device after data if specified
-by \-\-hash\-offset option.
-
-Note you need to provide root hash string for device verification
-or activation. Root hash must be trusted.
-
-The data or hash device argument can be block device or file image.
-If hash device path doesn't exist, it will be created as file.
-
-\fB<options>\fR can be [\-\-hash, \-\-no-superblock, \-\-format,
-\-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-offset,
-\-\-salt, \-\-uuid]
-.PP
-\fIopen\fR <data_device> <name> <hash_device> <root_hash>
-.br
-\fIcreate\fR <name> <data_device> <hash_device> <root_hash>  (\fBOBSOLETE syntax\fR)
-.IP
-Creates a mapping with <name> backed by device <data_device> and using
-<hash_device> for in-kernel verification.
-
-The <root_hash> is a hexadecimal string.
-
-\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock,
-\-\-ignore-corruption or \-\-restart-on-corruption, \-\-panic-on-corruption,
-\-\-ignore-zero-blocks, \-\-check-at-most-once, \-\-root-hash-signature]
-
-If option \-\-no-superblock is used, you have to use as the same options
-as in initial format operation.
-.PP
-\fIverify\fR <data_device> <hash_device> <root_hash>
-.IP
-Verifies data on data_device with use of hash blocks stored on hash_device.
-
-This command performs userspace verification, no kernel device is created.
-
-The <root_hash> is a hexadecimal string.
-
-\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
-
-If option \-\-no-superblock is used, you have to use as the same options
-as in initial format operation.
-.PP
-\fIclose\fR <name>
-.IP
-Removes existing mapping <name>.
-
-For backward compatibility there is \fBremove\fR command alias
-for \fBclose\fR command.
-.PP
-\fIstatus\fR <name>
-.IP
-Reports status for the active verity mapping <name>.
-.PP
-\fIdump\fR <hash_device>
-.IP
-Reports parameters of verity device from on-disk stored superblock.
-
-\fB<options>\fR can be [\-\-no-superblock]
-.SH OPTIONS
-.TP
-.B "\-\-verbose, \-v"
-Print more information on command execution.
-.TP
-.B "\-\-debug"
-Run in debug mode with full diagnostic logs. Debug output
-lines are always prefixed by '#'.
-.TP
-.B "\-\-no-superblock"
-Create or use dm-verity without permanent on-disk superblock.
-.TP
-.B "\-\-format=number"
-Specifies the hash version type.
-Format type 0 is original Chrome OS version. Format type 1 is current version.
-.TP
-.B "\-\-data-block-size=bytes"
-Used block size for the data device.
-(Note kernel supports only page-size as maximum here.)
-.TP
-.B "\-\-hash-block-size=bytes"
-Used block size for the hash device.
-(Note kernel supports only page-size as maximum here.)
-.TP
-.B "\-\-data-blocks=blocks"
-Size of data device used in verification.
-If not specified, the whole device is used.
-.TP
-.B "\-\-hash-offset=bytes"
-Offset of hash area/superblock on hash_device.
-Value must be aligned to disk sector offset.
-.TP
-.B "\-\-salt=hex string"
-Salt used for format or verification.
-Format is a hexadecimal string.
-.TP
-.B "\-\-uuid=UUID"
-Use the provided UUID for format command instead of generating new one.
-
-The UUID must be provided in standard UUID format,
-e.g. 12345678-1234-1234-1234-123456789abc.
-.TP
-.B "\-\-ignore-corruption", "\-\-restart-on-corruption", "\-\-panic-on-corruption"
-Defines what to do if data integrity problem is detected (data corruption).
-
-Without these options kernel fails the IO operation with I/O error.
-With \-\-ignore-corruption option the corruption is only logged.
-With \-\-restart-on-corruption or  \-\-panic-on-corruption the kernel
-is restarted (panicked) immediately.
-(You have to provide way how to avoid restart loops.)
-
-\fBWARNING:\fR Use these options only for very specific cases.
-These options are available since Linux kernel version 4.1.
-.TP
-.B "\-\-ignore-zero-blocks"
-Instruct kernel to not verify blocks that are expected to contain zeroes
-and always directly return zeroes instead.
-
-\fBWARNING:\fR Use this option only in very specific cases.
-This option is available since Linux kernel version 4.5.
-.TP
-.B "\-\-check-at-most-once"
-Instruct kernel to verify blocks only the first time they are read
-from the data device, rather than every time.
-
-\fBWARNING:\fR It provides a reduced level of security because only
-offline tampering of the data device's content will be detected,
-not online tampering.
-This option is available since Linux kernel version 4.17.
-.TP
-.B "\-\-hash=hash"
-Hash algorithm for dm-verity. For default see \-\-help option.
-.TP
-.B "\-\-version"
-Show the program version.
-.TP
-.B "\-\-fec-device=fec_device"
-Use forward error correction (FEC) to recover from corruption if hash verification fails.
-Use encoding data from the specified device.
-
-The fec device argument can be block device or file image.
-For format, if fec device path doesn't exist, it will be created as file.
-
-Block sizes for data and hash devices must match.
-Also, if the verity data_device is encrypted the fec_device should be too.
-
-FEC calculation covers data, hash area, and optional foreign metadata stored on the same
-device with the hash tree (additional space after hash area).
-Size of this optional additional area protected by FEC is calculated from image sizes,
-so you must be sure that you use the same images for activation.
-
-If the hash device is in a separate image, metadata covers the whole rest of the image after the hash area.
-
-If hash and FEC device is in the image, metadata ends on the FEC area offset.
-
-.TP
-.B "\-\-fec-offset=bytes"
-This is the offset, in bytes, from the start of the FEC device to the beginning of the encoding data.
-.TP
-.B "\-\-fec-roots=num"
-Number of generator roots. This equals to the number of parity bytes in the encoding data.
-In RS(M, N) encoding, the number of roots is M-N. M is 255 and M-N is between 2 and 24 (including).
-.TP
-.B "\-\-root-hash-signature=FILE"
-Path to roothash signature file used to verify the root hash (in kernel).
-This feature requires Linux kernel version 5.4 or more recent.
-.TP
-.SH RETURN CODES
-Veritysetup returns 0 on success and a non-zero value on error.
-
-Error codes are:
-    1 wrong parameters
-    2 no permission
-    3 out of memory
-    4 wrong device specified
-    5 device already exists or device is busy.
-
-.SH EXAMPLES
-.B "veritysetup \-\-data-blocks=256 format <data_device> <hash_device>"
-
-Calculates and stores verification data on hash_device for the first 256 blocks (of block-size).
-If hash_device does not exist, it is created (as file image).
-
-.B "veritysetup format <data_device> <hash_device>"
-
-Calculates and stores verification data on hash_device for the whole data_device.
-
-.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 format <device> <device>"
-
-Verification data (hashes) is stored on the same device as data (starting at hash-offset).
-Hash-offset must be greater than number of blocks in data-area.
-
-.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 create test-device <device> <device> <root_hash>"
-
-Activates the verity device named test-device. Options \-\-data-blocks and \-\-hash-offset are the same
-as in the format command. The <root_hash> was calculated in format command.
-
-.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 verify <data_device> <hash_device> <root_hash>"
-
-Verifies device without activation (in userspace).
-
-.B "veritysetup \-\-fec-device=<fec_device> \-\-fec-roots=10 format <data_device> <hash_device>"
-
-Calculates and stores verification and encoding data for data_device.
-
-.SH REPORTING BUGS
-Report bugs, including ones in the documentation, on
-the cryptsetup mailing list at <dm-crypt@saout.de>
-or in the 'Issues' section on LUKS website.
-Please attach the output of the failed command with the
-\-\-debug option added.
-.SH AUTHORS
-The first implementation of veritysetup was written by Chrome OS authors.
-
-This version is based on verification code written by Mikulas Patocka <mpatocka@redhat.com>
-and rewritten for libcryptsetup by Milan Broz <gmazyland@gmail.com>.
-.SH COPYRIGHT
-Copyright \(co 2012-2021 Red Hat, Inc.
-.br
-Copyright \(co 2012-2021 Milan Broz
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-.SH SEE ALSO
-The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
-
-The verity on-disk format specification available at
-\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity\fR
diff --git a/man/veritysetup.8.adoc b/man/veritysetup.8.adoc
new file mode 100644
index 0000000..36d1501
--- /dev/null
+++ b/man/veritysetup.8.adoc
@@ -0,0 +1,311 @@
+= veritysetup(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: veritysetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== NAME
+
+veritysetup - manage dm-verity (block level verification) volumes
+
+== SYNOPSIS
+
+*veritysetup <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+Veritysetup is used to configure dm-verity managed device-mapper
+mappings.
+
+Device-mapper verity target provides read-only transparent integrity
+checking of block devices using kernel crypto API.
+
+The dm-verity devices are always read-only.
+
+== BASIC ACTIONS
+
+Veritysetup supports these operations:
+
+=== FORMAT
+*format <data_device> <hash_device>*
+
+Calculates and permanently stores hash verification data for
+data_device. Hash area can be located on the same device after data if
+specified by --hash-offset option.
+
+Note you need to provide root hash string for device verification or
+activation. Root hash must be trusted.
+
+The data or hash device argument can be block device or file image. If
+hash device path doesn't exist, it will be created as file.
+
+*<options>* can be [--hash, --no-superblock, --format,
+--data-block-size, --hash-block-size, --data-blocks, --hash-offset,
+--salt, --uuid, --root-hash-file].
+
+If option --root-hash-file is used, the root hash is stored in
+hex-encoded text format in <path>.
+
+=== OPEN
+*open <data_device> <name> <hash_device> <root_hash>* +
+*open <data_device> <name> <hash_device> --root-hash-file <path>* +
+create <name> <data_device> <hash_device> <root_hash> (*OBSOLETE syntax*)
+
+Creates a mapping with <name> backed by device <data_device> and using
+<hash_device> for in-kernel verification.
+
+The <root_hash> is a hexadecimal string.
+
+*<options>* can be [--hash-offset, --no-superblock, --ignore-corruption
+or --restart-on-corruption, --panic-on-corruption, --ignore-zero-blocks,
+--check-at-most-once, --root-hash-signature, --root-hash-file, --use-tasklets].
+
+If option --root-hash-file is used, the root hash is read from <path>
+instead of from the command line parameter. Expects hex-encoded text,
+without terminating newline.
+
+If option --no-superblock is used, you have to use as the same options
+as in initial format operation.
+
+=== VERIFY
+*verify <data_device> <hash_device> <root_hash>* +
+*verify <data_device> <hash_device> --root-hash-file <path>*
+
+Verifies data on data_device with use of hash blocks stored on
+hash_device.
+
+This command performs userspace verification, no kernel device is
+created.
+
+The <root_hash> is a hexadecimal string.
+
+If option --root-hash-file is used, the root hash is read from <path>
+instead of from the command line parameter. Expects hex-encoded text,
+without terminating newline.
+
+*<options>* can be [--hash-offset, --no-superblock, --root-hash-file].
+
+If option --no-superblock is used, you have to use as the same options
+as in initial format operation.
+
+=== CLOSE
+*close <name>* +
+remove <name> (*OBSOLETE syntax*)
+
+Removes existing mapping <name>.
+
+*<options>* can be [--deferred] or [--cancel-deferred].
+
+=== STATUS
+*status <name>*
+
+Reports status for the active verity mapping <name>.
+
+=== DUMP
+*dump <hash_device>*
+
+Reports parameters of verity device from on-disk stored superblock.
+
+*<options>* can be [--hash-offset].
+
+== OPTIONS
+
+*--no-superblock*::
+Create or use dm-verity without permanent on-disk superblock.
+
+*--format=number*::
+Specifies the hash version type. Format type 0 is original Chrome OS
+version. Format type 1 is current version.
+
+*--data-block-size=bytes*::
+Used block size for the data device. (Note kernel supports only
+page-size as maximum here.)
+
+*--hash-block-size=bytes*::
+Used block size for the hash device. (Note kernel supports only
+page-size as maximum here.)
+
+*--data-blocks=blocks*::
+Size of data device used in verification. If not specified, the whole
+device is used.
+
+*--hash-offset=bytes*::
+Offset of hash area/superblock on hash_device. Value must be aligned
+to disk sector offset.
+
+*--salt=hex string*::
+Salt used for format or verification. Format is a hexadecimal string.
+
+*--uuid=UUID*::
+Use the provided UUID for format command instead of generating new
+one.
++
+The UUID must be provided in standard UUID format, e.g.
+12345678-1234-1234-1234-123456789abc.
+*--ignore-corruption , --restart-on-corruption ,
+--panic-on-corruption*::
+Defines what to do if data integrity problem is detected (data
+corruption).
++
+Without these options kernel fails the IO operation with I/O error. With
+--ignore-corruption option the corruption is only logged. With
+--restart-on-corruption or --panic-on-corruption the kernel is restarted
+(panicked) immediately. (You have to provide way how to avoid restart
+loops.)
++
+*WARNING:* Use these options only for very specific cases. These options
+are available since Linux kernel version 4.1.
+
+*--ignore-zero-blocks*::
+Instruct kernel to not verify blocks that are expected to contain
+zeroes and always directly return zeroes instead.
++
+*WARNING:* Use this option only in very specific cases. This option is
+available since Linux kernel version 4.5.
+
+*--check-at-most-once*::
+Instruct kernel to verify blocks only the first time they are read
+from the data device, rather than every time.
++
+*WARNING:* It provides a reduced level of security because only offline
+tampering of the data device's content will be detected, not online
+tampering. This option is available since Linux kernel version 4.17.
+
+*--hash=hash*::
+Hash algorithm for dm-verity. For default see --help option.
+
+*--fec-device=fec_device*::
+Use forward error correction (FEC) to recover from corruption if hash
+verification fails. Use encoding data from the specified device.
++
+The fec device argument can be block device or file image. For format,
+if fec device path doesn't exist, it will be created as file.
++
+Block sizes for data and hash devices must match. Also, if the verity
+data_device is encrypted the fec_device should be too.
++
+FEC calculation covers data, hash area, and optional foreign metadata
+stored on the same device with the hash tree (additional space after
+hash area). Size of this optional additional area protected by FEC is
+calculated from image sizes, so you must be sure that you use the same
+images for activation.
++
+If the hash device is in a separate image, metadata covers the whole
+rest of the image after the hash area.
++
+If hash and FEC device is in the image, metadata ends on the FEC area
+offset.
+
+*--fec-offset=bytes*::
+This is the offset, in bytes, from the start of the FEC device to the
+beginning of the encoding data.
+
+*--fec-roots=num*::
+Number of generator roots. This equals to the number of parity bytes
+in the encoding data. In RS(M, N) encoding, the number of roots is
+M-N. M is 255 and M-N is between 2 and 24 (including).
+
+*--root-hash-file=FILE*::
+Path to file with stored root hash in hex-encoded text.
+
+*--root-hash-signature=FILE*::
+Path to root hash signature file used to verify the root hash (in
+kernel). This feature requires Linux kernel version 5.4 or more
+recent.
+
+*--use-tasklets*::
+Try to use kernel tasklets in dm-verity driver for performance reasons.
+This option is available since Linux kernel version 6.0.
+
+*--deferred*::
+Defers device removal in *close* command until the last user closes
+it.
+
+*--cancel-deferred*::
+Removes a previously configured deferred device removal in *close*
+command.
+
+*--verbose, -v*::
+Print more information on command execution.
+
+*--debug*::
+Run in debug mode with full diagnostic logs. Debug output lines are
+always prefixed by *#*.
+
+*--version, -V*::
+Show the program version.
+
+*--batch-mode, -q*::
+Do not ask for confirmation.
+
+*--usage*::
+Show short option help.
+
+*--help, -?*::
+Show help text and default parameters.
+
+== RETURN CODES
+
+Veritysetup returns *0* on success and a non-zero value on error.
+
+Error codes are: *1* wrong parameters, *2* no permission, *3* out of memory,
+*4* wrong device specified, *5* device already exists or device is busy.
+
+== EXAMPLES
+
+*veritysetup --data-blocks=256 format <data_device> <hash_device>*
+
+Calculates and stores verification data on hash_device for the first 256
+blocks (of block-size). If hash_device does not exist, it is created (as
+file image).
+
+*veritysetup format --root-hash-file <path> <data_device> <hash_device>*
+
+Calculates and stores verification data on hash_device for the whole
+data_device, and store the root hash as hex-encoded text in <path>.
+
+*veritysetup --data-blocks=256 --hash-offset=1052672 format <device>
+<device>*
+
+Verification data (hashes) is stored on the same device as data
+(starting at hash-offset). Hash-offset must be greater than number of
+blocks in data-area.
+
+*veritysetup --data-blocks=256 --hash-offset=1052672 create test-device
+<device> <device> <root_hash>*
+
+Activates the verity device named test-device. Options --data-blocks and
+--hash-offset are the same as in the format command. The <root_hash> was
+calculated in format command.
+
+*veritysetup --data-blocks=256 --hash-offset=1052672 verify
+<data_device> <hash_device> <root_hash>*
+
+Verifies device without activation (in userspace).
+
+*veritysetup --data-blocks=256 --hash-offset=1052672 --root-hash-file
+<path> verify <data_device> <hash_device>*
+
+Verifies device without activation (in userspace). Root hash passed via
+a file rather than inline.
+
+*veritysetup --fec-device=<fec_device> --fec-roots=10 format
+<data_device> <hash_device>*
+
+Calculates and stores verification and encoding data for data_device.
+
+== DM-VERITY ON-DISK SPECIFICATION
+
+The on-disk format specification is available at
+https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity[*DMVerity*] page.
+
+== AUTHORS
+
+The first implementation of veritysetup was written by Chrome OS
+authors.
+
+This version is based on verification code written by
+mailto:mpatocka@redhat.com[Mikulas Patocka] and rewritten for libcryptsetup
+by mailto:gmazyland@gmail.com[Milan Broz].
+
+include::man/common_footer.adoc[]