Man Linux: Main Page and Category List


       pmt-ehd - create an encrypted disk image


       pmt-ehd   [-DFx]   [-c   fscipher]   [-h   digest]   [-i   cipher]  [-k
       fscipher_keybits]  [-t  fstype]  -f  container_path  -p  fskey_path  -s


       Mandatory  options that are absent are inquired interactively, and pmt-
       ehd will exit if stdin is not a terminal.

       -D     Turn on debugging strings.

       -F     Force  operation  that  would  otherwise  ask  for   interactive
              confirmation.  Multiple -F can be specified to apply more force.

       -c cipher
              The cipher to be used for the  filesystem.  This  can  take  any
              value  that  cryptsetup(8)  recognizes,  usually  in the form of
              "cipher-mode[-extras]".   Recommended  are  aes-cbc-essiv:sha256
              (this is the default) or blowfish-cbc-essiv:sha256.

       -f path
              Store  the  new  disk image at path. If the file already exists,
              pmt-ehd will prompt before overwriting unless -F  is  given.  If
              path refers to a symlink, pmt-ehd will act even more cautious.

       -h digest
              Digest  used  for  fskey  derivation from the password. This can
              take any value that OpenSSL recognizes. The default is sha1.

       -i cipher
              Cipher used for the filesystem key (not the encrypted filesystem
              itself).  This  can  take  any  value  that  OpenSSL recognizes,
              usually in the form  of  "cipher-keysize-mode".  Recommended  is
              aes-256-cbc (this is the default).

       -k keybits
              The  keysize  for  the  cipher  specified  with -c. Some ciphers
              support multiple keysizes, AES for example is available with  at
              least   the   keysizes   192  and  256.   Example:  -c  aes-cbc-
              essiv:sha256 -k 192.

       -p path
              Store the filesystem key at path.  The  filesystem  key  is  the
              ultimate  key  to  open the encrypted filesystem, and the fs key
              itself is encrypted with your password.

       -s size
              The initial size of the encrypted filesystem, in megabytes. This
              option  is  ignored  when  the  filesystem is created on a block

       -t fstype
              Filesystem to use for the encrypted filesystem. Defaults to xfs.

       -u user
              Give  the container and fskey files to user (because the program
              is usually runs as root, and the files  would  otherwise  retain
              root ownership).

       -x     Do  not  initialize  the  container  with random bytes. This may
              impact secrecy.

       pmt-ehd can be used to create a new encrypted container,  and  replaces
       the  previous mkehd script as well as any HOWTOs that explain how to do
       it manually.  Without any arguments, pmt-ehd will interactively ask for
       all  missing  parameters.  To create a container with a size of 256 MB,

       pmt-ehd -f /home/user.key -p /home/user.enc -s 256