zuluCrypt-cli(1) | General Commands Manual | zuluCrypt-cli(1) |
zuluCrypt-cli - command line interface frontend to cryptsetup and tcplay
meaning of symbols:
<> = required option
[] = optional argument
* = default option
| = alternatives for the same option
{} = not allowed option
zuluCrypt-cli --test
zuluCrypt-cli -o <d> <m> [e] <p|f|h>
zuluCrypt-cli -O <d> {m} [e] <p|f|h>
zuluCrypt-cli -q <d>
zuluCrypt-cli -i <d>
zuluCrypt-cli -c <d> <p|f|h> [ktzg]
zuluCrypt-cli -r <-d> <p|f|h>
zuluCrypt-cli -a <d> <<y|u> <l|n>>|<h>
zuluCrypt-cli -b <d>
zuluCrypt-cli -w <d> d argument must be something like: UUID=
zuluCrypt-cli -P <d> d device must be mapper path at /dev/mapper/
zuluCrypt-cli -X <d>
zuluCrypt-cli -J <d>
zuluCrypt-cli -R <d> <f> <z>
zuluCrypt-cli -B <d> <f> <z>
zuluCrypt-cli -A
zuluCrypt-cli -S
zuluCrypt-cli -N
examples:
create volume: zuluCrypt-cli -c -d /dev/sdc1 -z ext4 -t luks -p xxx
open volume : zuluCrypt-cli -o -d /dev/sdc1 -m sdc1 -e ro -p xxx
open volume through sudo/pkexec : zuluCrypt-cli -o -d /dev/sdc1 -m sdc1 -e ro
-p xxx -K $USER_ID
close volume ; zuluCrypt-cli -q -d /dev/sdc1
remove key ; zuluCrypt-cli -r -d /dev/sdc1 -p xxx
add key : zuluCrypt-cli -a -d /dev/sdc1 -y xxx -l yyy
get device path from mapper : zuluCrypt-cli -P -d /dev/mapper/zuluCrypt-sdc1
check if partition with UUID is present : zuluCrypt-cli -w -d UUID=
zuluCrypt is a front end to cryptsetup. It aims to simplify using cryptsetup volumes by creating a simple to use command line interface and a Qt based GUI front end to the command line.
The command line program is called "zuluCrypt-cli", the Qt based GUI is called "zuluCrypt-gui". The cli part of the program is an suid program to allow management of the volumes without setting up sudo with appropriate permissions first or requiring root's password.
The GUI part of the program calls the cli part for its operations.
This tool will create volumes only in non system partitions.
System partition is a partition with an active entry in /etc/fstab and /etc/crypttab
usage: zuluCrypt-cli <operation> <options specific to the
operation>
operation list:
-c create an encrypted volume
-o open and encrypted volume
-O open an encrypted volume but do not mount it( -m therefore not needed )
-K if zuluCrypt-cli or zuluMount-cli is invoked with sudo/pkexec to unlock a
volume, use this option
to tell zuluCrypt to work on behalf of what user. If this option is not set
them the unlocked volume
will incorrectly belong to root user instead of the user who run
zuluCrypt-cli/zuluMount-cli.
-q close an opened encrypted volume
-r remove a key from luks volume
-a add a key to luks volume
-i check if a device contain a luks volume
-s check if a device is opened and print its properties if it is
-b show status of each slot of luks
volume."0"=empty,"1"=occupied,"2"=invalid
slot,"3"=last occupied
-A print the list of all partitions on the system
-N print a list of non system partitions on the system( partitions with no
active entries in /etc/fstab and /etc/crypttab
-T print a detailed list of mounted partitions.Must be used with -A or -S or
-N
-Z print a detailed list of unmounted partitions.Must be used with -A or -S or
-N
-S print a list of system partitions on the system( partitions with active
entries in /etc/fstab and /etc/crypttab
-w check if UUID matches UUID of any partition
-P get device path from mapper( located at /dev/mapper )
-L print a list of all opened volumes and their mount point.The list is not
formatted
-X open a device pointed by argument -d and write random data to it hiding
data previously written to device
-W check if a device is a truecrypt device or not,required argument are -p or
-f
-U print UUID of a given device,required argument: -d
-H compare a header on a luks device to a backup header,required arg: -d and
-f
-M create a publicly accessible "mirror" of the mount point in
"/run/media/public/" from the original created in
"/run/media/private/$USER/"
-J create a plain mapper owned by the user who run the command on a device
pointed by argument -d
-B create a luks or truecrypt header backup
-R restore a luks or truecrypt header on a device from backup
NOTE
A system partition is defined as a partition with an active entry in
/etc/fstab and/or /etc/crypttab.
An active entry is an entry that is not commented out.
options that goes with above operations:
-G module name to use to get a passphrase to open a volume
-e mode for opening volumes(ro*/rw) when used with -o/-O.
-e mode for managing a truecrypt header when used with -B/-R.Options can be
"fde" for volumes that use whole disk
encryption,"sys" for a windows system volume.The volume is assumed
to be a normal one when the option is not set.
-k do not ask for confirmation when doing dangerous operations
-d path to a file or partition with encrypted volume
-m path component to be added to mount point prefix(/run/media/private/$USER
or /home/$USER)
-z file system type installed(ext2,ext3,ext4* etc) or or luks/tcrypt header
backup path
-t type of volume (vera,plain/luks*). "vera" is a necessary argument
when opening a VeraCrypt volume
-g options to be used when creating a volume.
default for luks are: "/dev/urandom.aes.xts-plain64.256.sha1"
default for tcrypt are:
"/dev/urandom.aes.xts-plain64.256.ripemd160"
possible combination for tcrypt:
"/dev/urandom.serpent:twofish:aes.xts-plain64.256.whirlpool"
-h get passphrase interactively
-p passphrase
-f path to keyfile
-F path to normal truecrypt multiple keyfiles.Multiple keyfiles are added by
setting the option multiple times.
-V path to hidden truecrypt multiple keyfiles.Multiple keyfiles are added by
setting the option multiple times.
-y passphrase already in the volume(required by -a if -u is absent and -h is
also absent)
-u path to keyfile with passphrase already in the volume(required by -a if -y
is absent and -h is also absent)
-l passphrase to be added(required by -a if -n is absent and -h is also
absent)
-n path to keyfile with a passphrase to be added (required by -a if -l is
absent and -h is also absent)
Copyright (c) 2011-2020
name : Francis Banyikwa
email: mhogomchungu@gmail.com
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Last change: Tue 09 Jun 2020 01:21:51 PM EAT