man7.org > Linux > man-pages

Linux/UNIX system programming training

cryptsetup-bitlkDump(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | REPORTING BUGS | SEE ALSO | CRYPTSETUP 

CRYPTSETUP-BITLKDUMP(8)    Maintenance Commands   CRYPTSETUP-BITLKDUMP(8)

NAME         top

       cryptsetup-bitlkDump - dump the header information of a BITLK
       (BitLocker compatible) device

SYNOPSIS         top

       cryptsetup bitlkDump [<options>] <device>

DESCRIPTION         top

       Dump the header information of a BITLK (BitLocker compatible)
       device.

       If the --dump-volume-key option is used, the BITLK device volume
       key is dumped instead of header information. You have to provide a
       password or keyfile to dump the volume key.

       Beware that the volume key can be used to decrypt the data stored
       in the container without a passphrase. This means that if the
       volume key is compromised, the whole device has to be erased to
       prevent further access. Use this option carefully.

       <options> can be [--dump-volume-key, --volume-key-file,
       --key-file, --keyfile-offset, --keyfile-size, --timeout].

OPTIONS         top

       --batch-mode, -q
           Suppresses all confirmation questions. Use with care!

           If the --verify-passphrase option is not specified, this
           option also switches off the passphrase verification.

       --debug or --debug-json
           Run in debug mode with full diagnostic logs. Debug output
           lines are always prefixed by #.

           If --debug-json is used, additional LUKS2 JSON data structures
           are printed.

       --dump-volume-key, --dump-master-key (OBSOLETE alias)
           Print the volume key in the displayed information. Use with
           care, as the volume key can be used to bypass the passphrases,
           see also option --volume-key-file.

       --help, -?
           Show help text and default parameters.

       --key-file, -d file
           Read the passphrase from the file.

           If the name given is "-", then the passphrase will be read
           from stdin. In this case, reading will not stop at newline
           characters.

           See section NOTES ON PASSPHRASE PROCESSING in cryptsetup(8)
           for more information.

       --keyfile-offset value
           Skip value bytes at the beginning of the key file.

       --keyfile-size, -l value
           Read a maximum of value bytes from the key file. The default
           is to read the whole file up to the compiled-in maximum that
           can be queried with --help. Supplying more data than the
           compiled-in maximum aborts the operation.

           This option is useful to cut trailing newlines, for example.
           If --keyfile-offset is also given, the size count starts after
           the offset.

       --timeout, -t seconds
           The number of seconds to wait before a timeout on passphrase
           input via terminal. It is relevant every time a passphrase is
           asked. It has no effect if used in conjunction with
           --key-file.

           This option is useful when the system should not stall if the
           user does not input a passphrase, e.g., during boot. The
           default is a value of 0 seconds, which means to wait forever.

       --usage
           Show short option help.

       --version, -V
           Show the program version.

       --volume-key-file file, --master-key-file file (OBSOLETE alias)
           Use a volume key stored in a file.

           The volume key is stored in a file instead of being printed
           out to standard output.

REPORTING BUGS         top

       Report bugs at cryptsetup mailing list
       <cryptsetup@lists.linux.dev> or in Issues project section
       <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.

       Please attach the output of the failed command with --debug option
       added.

SEE ALSO         top

       Cryptsetup FAQ
       <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>

       cryptsetup(8), integritysetup(8) and veritysetup(8)

CRYPTSETUP         top

       Part of cryptsetup project
       <https://gitlab.com/cryptsetup/cryptsetup/>. This page is part of
       the Cryptsetup ((open-source disk encryption)) project.
       Information about the project can be found at 
       ⟨https://gitlab.com/cryptsetup/cryptsetup⟩. If you have a bug
       report for this manual page, send it to dm-crypt@saout.de. This
       page was obtained from the project's upstream Git repository
       ⟨https://gitlab.com/cryptsetup/cryptsetup.git⟩ on 2025-08-11. (At
       that time, the date of the most recent commit that was found in
       the repository was 2025-08-01.) If you discover any rendering
       problems in this HTML version of the page, or you believe there is
       a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

cryptsetup 2.8.1-git            2025-08-09        CRYPTSETUP-BITLKDUMP(8)

Pages that refer to this page: cryptsetup(8)

HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI