cryptsetup-luksHeaderRestore - Man Page

restore a binary backup of the LUKS header and keyslot area

Synopsis

cryptsetup luksHeaderRestore --header-backup-file <file> [<options>] <device>

Description

Restores a binary backup of the LUKS header and keyslot area from the specified file.
NOTE: Using '-' as filename reads the header backup from a file named '-'.

<options> can be [--header, --header-backup-file, --disable-locks].

WARNING: Header and keyslots will be replaced, only the passphrases from the backup will work afterward.

This command requires that the volume key size and data offset of the LUKS header already on the device and of the header backup match. Alternatively, if there is no LUKS header on the device, the backup will also be written to it.

Options

--header <device or file storing the LUKS header>

Use a detached (separated) metadata device or file where the LUKS header is stored. This option allows one to store ciphertext and LUKS header on different devices.

For commands that change the LUKS header (e.g. luksAddKey), specify the device or file with the LUKS header directly as the LUKS device.

--header-backup-file <file>

Specify file with header backup file.

--disable-locks

Disable lock protection for metadata on disk. This option is valid only for LUKS2 and ignored for other formats.

WARNING: Do not use this option unless you run cryptsetup in a restricted environment where locking is impossible to perform (where /run directory cannot be used).

--batch-mode,  -q

Suppresses all confirmation questions. Use with care!

If the --verify-passphrase option is not specified, this option also switches off the passphrase verification.

--debug or --debug-json

Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by #.

If --debug-json is used, additional LUKS2 JSON data structures are printed.

--version,  -V

Show the program version.

--usage

Show short option help.

--help,  -?

Show help text and default parameters.

Reporting Bugs

Report bugs at cryptsetup mailing list or in Issues project section.

Please attach output of the failed command with --debug option added.

See Also

Cryptsetup FAQ

cryptsetup(8), integritysetup(8) and veritysetup(8)

Cryptsetup

Part of cryptsetup project.

Referenced By

cryptsetup(8).

2022-07-28 cryptsetup 2.5.0 Maintenance Commands