zuluCrypt-cli - Man Page

command line interface frontend to cryptsetup and tcplay

Synopsis

meaning of symbols:
<> = required option
[] = optional argument
*  = default option
|  = alternatives for the same option
{}  = not allowed option
zuluCrypt-cli --test
zuluCrypt-cli -o <d> <m> [e] <p|f|h>
zuluCrypt-cli -O <d> {m} [e] <p|f|h>
zuluCrypt-cli -q <d>
zuluCrypt-cli -i <d>
zuluCrypt-cli -c <d> <p|f|h> [ktzg]
zuluCrypt-cli -r <-d> <p|f|h>
zuluCrypt-cli -a <d> <<y|u> <l|n>>|<h>
zuluCrypt-cli -b <d>
zuluCrypt-cli -w <d>   d argument must be something like: UUID=
zuluCrypt-cli -P <d>   d device must be mapper path at /dev/mapper/
zuluCrypt-cli -X <d>
zuluCrypt-cli -J <d>
zuluCrypt-cli -R <d> <f> <z>
zuluCrypt-cli -B <d> <f> <z>
zuluCrypt-cli -A
zuluCrypt-cli -S
zuluCrypt-cli -N

examples:
create volume: zuluCrypt-cli -c -d /dev/sdc1 -z ext4 -t luks -p xxx
open volume  : zuluCrypt-cli -o -d /dev/sdc1 -m sdc1 -e ro -p xxx
open volume through sudo/pkexec  : zuluCrypt-cli -o -d /dev/sdc1 -m sdc1 -e ro -p xxx -K $USER_ID
close volume ; zuluCrypt-cli -q -d /dev/sdc1
remove key   ; zuluCrypt-cli -r -d /dev/sdc1 -p xxx
add key      : zuluCrypt-cli -a -d /dev/sdc1 -y xxx -l yyy
get device path from mapper  : zuluCrypt-cli -P -d /dev/mapper/zuluCrypt-sdc1
check if partition with UUID is present : zuluCrypt-cli -w -d UUID=

Description

zuluCrypt is a front end to cryptsetup. It aims to simplify using cryptsetup volumes by creating a simple to use command line interface and a Qt based GUI front end to the command line.

The command line program is called "zuluCrypt-cli", the Qt based GUI is called "zuluCrypt-gui". The cli part of the program is an suid program to allow management of the volumes without setting up sudo with appropriate permissions first or requiring root's password.

The GUI part of the program calls the cli part for its operations.

This tool will create volumes only in non system partitions.

System partition is a partition with an active entry in /etc/fstab and /etc/crypttab

Usage

usage: zuluCrypt-cli <operation> <options specific to the operation>
operation list:
-c         create an encrypted volume
-o         open and encrypted volume
-O         open an encrypted volume but do not mount it( -m therefore not needed )
-K         if zuluCrypt-cli or zuluMount-cli is invoked with sudo/pkexec to unlock a volume, use this option
          to tell zuluCrypt to work on behalf of what user. If this option is not set them the unlocked volume
          will incorrectly belong to root user instead of the user who run zuluCrypt-cli/zuluMount-cli.
-q         close an opened encrypted volume
-r         remove a key from luks volume
-a         add a key to luks volume
-i         check if a device contain a luks volume
-s         check if a device is opened and print its properties if it is
-b         show status of each slot of luks volume."0"=empty,"1"=occupied,"2"=invalid slot,"3"=last occupied
-A         print the list of all partitions on the system
-N         print a list of non system partitions on the system( partitions with no active entries in /etc/fstab and /etc/crypttab
-T         print a detailed list of mounted partitions.Must be used with -A or -S or -N
-Z         print a detailed list of unmounted partitions.Must be used with -A or -S or -N
-S         print a list of system partitions on the system( partitions with active entries in /etc/fstab and /etc/crypttab
-w         check if UUID matches UUID of any partition
-P         get device path from mapper( located at /dev/mapper )
-L         print a list of all opened volumes and their mount point.The list is not formatted
-X         open a device pointed by argument -d and write random data to it hiding data previously written to device
-W         check if a device is a truecrypt device or not,required argument are -p or -f
-U         print UUID of a given device,required argument: -d
-H         compare a header on a luks device to a backup header,required arg: -d and -f
-M         create a publicly accessible "mirror" of the mount point in "/run/media/public/" from the original created in "/run/media/private/$USER/"
-J         create a plain mapper owned by the user who run the command on a device pointed by argument -d
-B         create a luks or truecrypt header backup
-R         restore a luks or truecrypt header on a device from backup

NOTE
A system partition is defined as a partition with an active entry in /etc/fstab and/or /etc/crypttab.
An active entry is an entry that is not commented out.

options that goes with above operations:
-G         module name to use to get a passphrase to open a volume
-e         mode for opening volumes(ro*/rw) when used with -o/-O.
-e         mode for managing a truecrypt header when used with -B/-R.Options can be "fde" for volumes that use whole disk
          encryption,"sys" for a windows system volume.The volume is assumed to be a normal one when the option is not set.
-k         do not ask for confirmation when doing dangerous operations
-d         path to a file or partition with encrypted volume
-m         path component to be added to mount point prefix(/run/media/private/$USER or /home/$USER)
-z         file system type installed(ext2,ext3,ext4* etc) or  or luks/tcrypt header backup path
-t         type of volume (vera,plain/luks*). "vera" is a necessary argument when opening a VeraCrypt volume
-g         options to be used when creating a volume.
          default for luks are:   "/dev/urandom.aes.xts-plain64.256.sha1"
          default for tcrypt are: "/dev/urandom.aes.xts-plain64.256.ripemd160"
          possible combination for tcrypt: "/dev/urandom.serpent:twofish:aes.xts-plain64.256.whirlpool"
-h         get passphrase interactively
-p         passphrase
-f         path to keyfile
-F         path to normal truecrypt multiple keyfiles.Multiple keyfiles are added by setting the option multiple times.
-V         path to hidden truecrypt multiple keyfiles.Multiple keyfiles are added by setting the option multiple times.
-y         passphrase already in the volume(required by -a if -u is absent and -h is also absent)
-u         path to keyfile with passphrase already in the volume(required by -a if -y is absent and -h is also absent)
-l         passphrase to be added(required by -a if -n is absent and -h is also absent)
-n         path to keyfile with a passphrase to be added (required by -a if -l is absent and -h is also absent)

Last Edit

Last change: Tue 09 Jun 2020 01:21:51 PM EAT