CRYPTSETUP-BITLKDUMP(8) Maintenance Commands CRYPTSETUP-BITLKDUMP(8)

cryptsetup-bitlkDump - dump the header information of a BITLK (BitLocker compatible) device

cryptsetup bitlkDump [<options>] <device>

Dump the header information of a BITLK (BitLocker compatible) device.

If the --dump-volume-key option is used, the BITLK device volume key is dumped instead of header information. You have to provide a password or keyfile to dump the volume key.

Beware that the volume key can be used to decrypt the data stored in the container without a passphrase. This means that if the volume key is compromised, the whole device has to be erased to prevent further access. Use this option carefully.

<options> can be [--dump-volume-key, --volume-key-file, --key-file, --keyfile-offset, --keyfile-size, --timeout].

--batch-mode, -q

Suppresses all confirmation questions. Use with care!

If the --verify-passphrase option is not specified, this option also switches off the passphrase verification.

--debug or --debug-json

Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by #.

If --debug-json is used, additional LUKS2 JSON data structures are printed.

--dump-volume-key, --dump-master-key (OBSOLETE alias)

Print the volume key in the displayed information. Use with care, as the volume key can be used to bypass the passphrases, see also option --volume-key-file.

--help, -?

Show help text and default parameters.

--key-file, -d file

Read the passphrase from the file.

If the name given is "-", then the passphrase will be read from stdin. In this case, reading will not stop at newline characters.

See section NOTES ON PASSPHRASE PROCESSING in cryptsetup(8) for more information.

--keyfile-offset value

Skip value bytes at the beginning of the key file.

--keyfile-size, -l value

Read a maximum of value bytes from the key file. The default is to read the whole file up to the compiled-in maximum that can be queried with --help. Supplying more data than the compiled-in maximum aborts the operation.

This option is useful to cut trailing newlines, for example. If --keyfile-offset is also given, the size count starts after the offset.

--timeout, -t seconds

The number of seconds to wait before a timeout on passphrase input via terminal. It is relevant every time a passphrase is asked. It has no effect if used in conjunction with --key-file.

This option is useful when the system should not stall if the user does not input a passphrase, e.g., during boot. The default is a value of 0 seconds, which means to wait forever.

--usage

Show short option help.

--version, -V

Show the program version.

--volume-key-file file, --master-key-file file (OBSOLETE alias)

Use a volume key stored in a file.

The volume key is stored in a file instead of being printed out to standard output.

Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or in Issues project section https://gitlab.com/cryptsetup/cryptsetup/-/issues/new.

Please attach the output of the failed command with --debug option added.

Cryptsetup FAQ https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions

cryptsetup(8), integritysetup(8) and veritysetup(8)

Part of cryptsetup project https://gitlab.com/cryptsetup/cryptsetup/.

2025-08-13 cryptsetup 2.8.1