конфигурация для зашифрованных блочных устройств (Configuration for encrypted block devices)
Имя (Name)
crypttab - Configuration for encrypted block devices
Синопсис (Synopsis)
/etc/crypttab
Описание (Description)
The /etc/crypttab file describes encrypted block devices that are
set up during system boot.
Empty lines and lines starting with the "#" character are
ignored. Each of the remaining lines describes one encrypted
block device. Fields are delimited by white space.
Each line is in the form
volume-name encrypted-device key-file options
The first two fields are mandatory, the remaining two are
optional.
Setting up encrypted block devices using this file supports four
encryption modes: LUKS, TrueCrypt, BitLocker and plain. See
cryptsetup(8) for more information about each mode. When no mode
is specified in the options field and the block device contains a
LUKS signature, it is opened as a LUKS device; otherwise, it is
assumed to be in raw dm-crypt (plain mode) format.
The four fields of /etc/crypttab are defined as follows:
1. The first field contains the name of the resulting volume
with decrypted data; its block device is set up below
/dev/mapper/.
2. The second field contains a path to the underlying block
device or file, or a specification of a block device via
"UUID=" followed by the UUID.
3. The third field specifies an absolute path to a file with the
encryption key. Optionally, the path may be followed by ":"
and an /etc/fstab style device specification (e.g. starting
with "LABEL=" or similar); in which case the path is taken
relative to the specified device's file system root. If the
field is not present or is "none" or "-", a key file named
after the volume to unlock (i.e. the first column of the
line), suffixed with .key is automatically loaded from the
/etc/cryptsetup-keys.d/ and /run/cryptsetup-keys.d/
directories, if present. Otherwise, the password has to be
manually entered during system boot. For swap encryption,
/dev/urandom may be used as key file, resulting in a
randomized key.
If the specified key file path refers to an AF_UNIX
stream
socket in the file system, the key is acquired by connecting
to the socket and reading it from the connection. This allows
the implementation of a service to provide key information
dynamically, at the moment when it is needed. For details see
below.
4. The fourth field, if present, is a comma-delimited list of
options. The supported options are listed below.