pmt-ehd - create an encrypted disk image
pmt-ehd [-DFx] [-c fscipher] [-h digest] [-i cipher] [-k
fscipher_keybits] [-t fstype] -f container_path -p fskey_path -s
Mandatory options that are absent are asked for interactively, and
pmt-ehd will exit if stdin is not a terminal.
-D Turn on debugging strings.
-F Force operation that would otherwise ask for interactive
confirmation. Multiple -F can be specified to apply more force.
-c fscipher
The cipher to be used for the filesystem. This can take any
value that cryptsetup(8) recognizes, usually in the form of
"cipher-mode[-extras]". Recommended are aes-cbc-essiv:sha256
(this is the default) or blowfish-cbc-essiv:sha256.
-f path
Store the new disk image at path. If the file already exists,
pmt-ehd will prompt before overwriting unless -F is given. If
path refers to a symlink, pmt-ehd will act even more cautiously.
-h digest
Digest used for fskey derivation from the password. This can
take any value that OpenSSL recognizes. The default is sha1.
-i cipher
Cipher used for the filesystem key (not the encrypted filesystem
itself). This can take any value that OpenSSL recognizes,
usually in the form of "cipher-keysize-mode". Recommended is
aes-256-cbc (this is the default).
-k fscipher_keybits
The keysize for the cipher specified with -c. Some ciphers
support multiple keysizes; AES, for example, is available with at
least the keysizes 192 and 256. Example:
-c aes-cbc-essiv:sha256 -k 192.
-p path
Store the filesystem key at path. The filesystem key is the
ultimate key to open the encrypted filesystem, and the fs key
itself is encrypted with your password.
-s size
The initial size of the encrypted filesystem, in megabytes. This
option is ignored when the filesystem is created on a block
-t fstype
Filesystem to use for the encrypted filesystem. Defaults to xfs.
-u user
Give the container and fskey files to user (because the program
usually runs as root, and the files would otherwise retain
-x Do not initialize the container with random bytes. This may
pmt-ehd can be used to create a new encrypted container, and replaces
the previous mkehd script as well as any HOWTOs that explain how to do
it manually. Without any arguments, pmt-ehd will interactively ask for
all missing parameters. To create a container with a size of 256 MB,
storing the container in /home/user.enc and the filesystem key in
/home/user.key, use:
pmt-ehd -f /home/user.enc -p /home/user.key -s 256
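
The following wrapper is an added example, not part of pmt-ehd or its documentation. It refuses symlinked or pre-existing targets instead of relying on -F, and passes the cipher options described above explicitly rather than depending on defaults. The function names and the PMT_EHD override variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example: preflight checks around pmt-ehd.
# ehd_preflight, ehd_create and PMT_EHD are names invented for this example.

# ehd_preflight CONTAINER FSKEY
# Returns 0 when neither target exists yet; otherwise prints the reason on
# stderr and returns a distinct non-zero code.
ehd_preflight() {
    for p in "$1" "$2"; do
        # pmt-ehd is extra cautious with symlinks; refuse them outright.
        if [ -L "$p" ]; then
            echo "refusing symlink: $p" >&2
            return 2
        fi
        # Never depend on -F to overwrite an existing container or key.
        if [ -e "$p" ]; then
            echo "already exists: $p" >&2
            return 3
        fi
        if [ ! -d "$(dirname -- "$p")" ]; then
            echo "missing directory for: $p" >&2
            return 4
        fi
    done
    # The container and the filesystem key must be separate files.
    if [ "$1" = "$2" ]; then
        echo "container and fskey path are identical" >&2
        return 5
    fi
    return 0
}

# ehd_create CONTAINER FSKEY SIZE_MB
# Runs the preflight, then calls pmt-ehd with the filesystem cipher, key size,
# fskey cipher and filesystem type spelled out. PMT_EHD can point at another
# binary (or at echo for a dry run).
ehd_create() {
    ehd_preflight "$1" "$2" || return $?
    "${PMT_EHD:-pmt-ehd}" -c aes-cbc-essiv:sha256 -k 256 -i aes-256-cbc \
        -t xfs -f "$1" -p "$2" -s "$3"
}
```

Running `PMT_EHD=echo ehd_create /home/user.enc /home/user.key 256` prints the argument list without creating anything.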