Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  PMT-EHD (8)


pmt-ehd - create an encrypted disk image




pmt-ehd [-DFx] [-c fscipher] [-h hash] [-k fscipher_keybits] [-t fstype] -f container_path -s size_in_mb


Mandatory options that are absent are inquired interactively, and pmt-ehd will exit if stdin is not a terminal.
-D Turn on debugging strings.
-F Force operation that would otherwise ask for interactive confirmation. Multiple -F can be specified to apply more force.
-c cipher
  The cipher to be used for the filesystem. This can take any value that cryptsetup(8) recognizes, usually in the form of "cipher-mode[-extras]". Recommended are aes-cbc-essiv:sha256 (this is the default) or aes-xts-essiv:sha256.
-f path
  Store the new disk image at path. If the file already exists, pmt-ehd will prompt before overwriting unless -F is given. If path refers to a symlink, pmt-ehd will act even more cautious.
-h hash
  Message digest/hash used for key derivation in the PBKDF2 stage. The default is sha512.
-i cipher
  (This option had been removed in pam_mount/pmt_ehd 2.11.)
-k keybits
  The keysize for the cipher specified with -c. Some ciphers support multiple keysizes, AES for example is available with at least the keysizes 192 and 256. Defaults to 256 (to match aes-cbc-essiv). Note that XTS uses two keys, but drawn from the same key material, so aes-cbc-256 is equivalent to aes-xts-512, and aes-cbc-128 is to aes-xts-256.
-p path
  (This option had been removed in pam_mount/pmt_ehd 2.11.)
-s size
  The initial size of the encrypted filesystem, in megabytes. This option is ignored when the filesystem is created on a block device.
-t fstype
  Filesystem to use for the encrypted filesystem. Defaults to xfs.
-u user
  Give the container and fskey files to user (because the program is usually runs as root, and the files would otherwise retain root ownership).
-x Do not initialize the container with random bytes. This may impact secrecy.


pmt-ehd can be used to create a new encrypted container, and replaces the previous mkehd script as well as any HOWTOs that explain how to do it manually. Without any arguments, pmt-ehd will interactively ask for all missing parameters. To create a container with a size of 256 MB, use:

pmt-ehd -f /home/user.cont -s 256

Search for    or go to Top of page |  Section 8 |  Main Index

pam_mount PMT-EHD (8) 2011-Aug-05

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.