DragonFly On-Line Manual Pages
CRYPTTAB(5) DragonFly File Formats Manual CRYPTTAB(5)
crypttab -- encrypted disk device table
The crypttab file contains a list of the encrypted disk devices of the
system. Each encrypted volume is described on a separate line; fields on
each line are separated by tabs or spaces.
The first field, (name), contains the name of the resultant crypto volume
device, which will be a node in /dev/mapper with the given name.
The second field, (device), is the underlying device on which the crypto
volume resides and must be a full device path to a node in /dev.
The third field, (keyfile), is either the value none or the full path on
the file system to a keyfile to unlock the crypto volume. If none is
specified, the system will prompt for a password during the boot
The fourth field, (options), can contain a comma separated list with the
following options on DragonFly or can be set to none.
tries=N Prompt for the passphrase at most N times if the
entered passphrase is incorrect.
timeout=T Time out the interactive passphrase prompt after T
keyscript=script Run the script pointed at by script to get the
passphrase. The stdout output of the script will be
used as the passphrase instead of showing an inter-
Note that the crypttab file on DragonFly currently only supports LUKS
volumes and not raw cryptsetup(8) volumes.
If the dm_target_crypt(4) target is not built-in, make sure to set up
loader.conf(5) to preload it, since dm(4) is not able to autoload the
targets before /boot is mounted.
/etc/crypttab The crypttab file resides in /etc.
The following line specifies a crypto volume without a keyfile, so that a
password will be prompted during the boot sequence. Upon successful entry
of the password the device /dev/mapper/vol1 will be created.
vol1 /dev/da0s1b none none
The next example is as the one before but using a keyfile on /boot
instead of an interactive password prompt.
vol1 /dev/da0s1b /boot/keyfile.0 none
The last example shows the use of the options. It will ask at most 2
times for a passphrase and time out after 10 seconds.
vol1 /dev/da0s1b none tries=2,timeout=10
The crypttab file format appeared in DragonFly 2.9.
DragonFly 3.5 October 22, 2010 DragonFly 3.5