tail head cat sleep
QR code linking to this page

Manual Pages  — DECRYPTCORE


decryptcore – decrypt a core dump of the operating system



decryptcore [-fLv] -p privatekeyfile -k keyfile -e encryptedcore -c core
decryptcore [-fLv] [-d crashdir] -p privatekeyfile -n dumpnr


The decryptcore utility first decrypts keyfile using privatekeyfile and then uses the resulting key to decrypt encryptedcore saved by savecore(8). The result is saved in core.

Alternatively a user can decrypt a core dump numbered dumpnr from the crashdir directory. In this case a dump key from the key.# file is used and the result is saved in the vmcore.# file where "#" corresponds to dumpnr.

By default decryptcore does not overwrite an old core dump as a user might want to store the core somewhere else for the future. This behaviour can be changed using the -f flag.

The decryptcore utility can be started with the following command line arguments:
-f Remove a decryped core dump if it already exists.
-L Write log messages to syslogd(8).
-v Print or log verbose/debugging information. This option can be specified multiple times to raise the verbosity level.
-p privatekeyfile
  Specify location of a private key file which will be used to decrypt a dump key file.
-k keyfile Specify location of a dump key file.
-e encryptedcore
  Specify location of an encrypted core.
-c core Specify location of a resulting decrypted core dump.
-d crashdir Specify an alternative crash dump directory. The default crash dump directory is /var/crash.
-n dumpnr Specify a number of a crash dump to be decrypted.


The utility exits 0 on success, and >0 if an error occurs.


kgdb(1), capsicum(4), dumpon(8), savecore(8), syslogd(8)


The decryptcore utility was implemented by Konrad Witaszczyk <Mt def@FreeBSD.org>.

DECRYPTCORE (8) January 29, 2018

tail head cat sleep
QR code linking to this page

Please direct any comments about this manual page service to Ben Bullock. Privacy policy.