tail head cat sleep
QR code linking to this page

Manual Pages  — DECRYPTCORE


decryptcore – decrypt a core dump of the operating system



decryptcore [-fLv] -p privatekeyfile -k keyfile -e encryptedcore -c core
decryptcore [-fLv] [-d crashdir] -p privatekeyfile -n dumpnr


The decryptcore utility first decrypts keyfile using privatekeyfile and then uses the resulting key to decrypt encryptedcore saved by savecore(8). The result is saved in core.

Alternatively a user can decrypt a core dump numbered dumpnr from the crashdir directory. In this case a dump key from the key.# file is used and the result is saved in the vmcore.# file where "#" corresponds to dumpnr.

By default decryptcore does not overwrite an old core dump as a user might want to store the core somewhere else for the future. This behaviour can be changed using the -f flag.

The decryptcore utility can be started with the following command line arguments:
-f Remove a decryped core dump if it already exists.
-L Write log messages to syslogd(8).
-v Print or log verbose/debugging information. This option can be specified multiple times to raise the verbosity level.
-p privatekeyfile
  Specify location of a private key file which will be used to decrypt a dump key file.
-k keyfile Specify location of a dump key file.
-e encryptedcore
  Specify location of an encrypted core.
-c core Specify location of a resulting decrypted core dump.
-d crashdir Specify an alternative crash dump directory. The default crash dump directory is /var/crash.
-n dumpnr Specify a number of a crash dump to be decrypted.


The utility exits 0 on success, and >0 if an error occurs.


kgdb(1), capsicum(4), dumpon(8), savecore(8), syslogd(8)


The decryptcore utility was implemented by Konrad Witaszczyk <Mt def@FreeBSD.org>.

DECRYPTCORE (8) January 29, 2018

tail head cat sleep
QR code linking to this page

Please direct any comments about this manual page service to Ben Bullock. Privacy policy.

UNIX is a four-letter word!