cryptsetup: update page; cryptsetup-{open,luksformat}: add page (#14153)

pages/linux/cryptsetup-luksformat.md

@@ -0,0 +1,17 @@
+# cryptsetup luksFormat
+
+> Initialize a LUKS partition and the initial key slot (0) with a passphrase or keyfile.
+> Note: this operation overwrites all data on the partition.
+> More information: <https://manned.org/cryptsetup-luksFormat>.
+
+- Initialize a LUKS volume with a passphrase:
+
+`cryptsetup luksFormat {{/dev/sdXY}}`
+
+- Initialize a LUKS volume with a keyfile:
+
+`crypsetup luksFormat {{/dev/sdXY}} {{path/to/keyfile}}`
+
+- Initialize a LUKS volume with a passphrase and set its label:
+
+`cryptsetup luksFormat --label {{label}} {{/dev/sdXY}}`

pages/linux/cryptsetup-open.md

@@ -0,0 +1,26 @@
+# cryptsetup open
+
+> Create a decrypted mapping of an encrypted volume.
+> Note: with TRIM enabled, minimal data leakage in form of freed block information, perhaps sufficient to determine the filesystem in use may occur.
+> However, you still most likely want to enable it, because the data inside is still safe and SSDs without TRIM will wear out faster.
+> More information: <https://manned.org/cryptsetup-open>.
+
+- Open a LUKS volume and create a decrypted mapping at `/dev/mapper/mapping_name`:
+
+`cryptsetup open {{/dev/sdXY}} {{mapping_name}}`
+
+- Use a keyfile instead of a passphrase:
+
+`cryptsetup open --key-file {{path/to/file}} {{/dev/sdXY}} {{mapping_name}}`
+
+- Allow the use of TRIM on the device:
+
+`cryptsetup open --allow-discards {{/dev/sdXY}} {{mapping_name}}`
+
+- Write the `--allow-discards` option into the LUKS header (the option will then always be used when you open the device):
+
+`cryptsetup open --allow-discards --persistent {{/dev/sdXY}} {{mapping_name}}`
+
+- Open a LUKS volume and make the decrypted mapping read-only:
+
+`cryptsetup open --readonly {{/dev/sdXY}} {{mapping_name}}`

pages/linux/cryptsetup.md

@@ -1,20 +1,25 @@
 # cryptsetup
 
-> Manage plain dm-crypt and LUKS (Linux Unified Key Setup) encrypted volumes.
-> More information: <https://gitlab.com/cryptsetup/cryptsetup/>.
+> Manage plain `dm-crypt` and LUKS (Linux Unified Key Setup) encrypted volumes.
+> Some subcommands such as `luksFormat` have their own usage documentation.
+> More information: <https://manned.org/cryptsetup>.
 
-- Initialize a LUKS volume (overwrites all data on the partition):
+- Initialize a LUKS volume with a passphrase (overwrites all data on the partition):
 
-`cryptsetup luksFormat {{/dev/sda1}}`
+`cryptsetup luksFormat {{/dev/sdXY}}`
 
-- Open a LUKS volume and create a decrypted mapping at `/dev/mapper/target`:
+- Open a LUKS volume and create a decrypted mapping at `/dev/mapper/mapping_name`:
 
-`cryptsetup luksOpen {{/dev/sda1}} {{target}}`
+`cryptsetup open {{/dev/sdXY}} {{mapping_name}}`
+
+- Display information about a mapping:
+
+`cryptsetup status {{mapping_name}}`
 
 - Remove an existing mapping:
 
-`cryptsetup luksClose {{target}}`
+`cryptsetup close {{mapping_name}}`
 
-- Change the LUKS volume's passphrase:
+- Change a LUKS volume's passphrase:
 
-`cryptsetup luksChangeKey {{/dev/sda1}}`
+`cryptsetup luksChangeKey {{/dev/sdXY}}`