[dm-crypt] Mechanics

julie_nuckey at trendmicro.co.uk
Wed Dec 2 12:20:31 CET 2009


I'm trying to understand the mechanics of how dm-crypt and cryptsetup work, in particular how data such as the password/key-file data is passed from user mode to kernel mode, and also generally what does what when setting up an encrypted volume.

As I understand it, dm-crypt is a pure kernel-mode application that does the encryption and decryption of data on the fly. It works independently of any on-disk format such as metadata like that used by LUKS. Have I got that right?

And cryptsetup is the pure user-mode application and this can work in "plain" mode, i.e. without LUKS, or in LUKS mode. Is that right? So how does the password/key get from cryptsetup (user mode) to dm-crypt (kernel mode) and does it differ depending on whether I'm using plain or LUKS mode? Does it use tables? Is the password/key written to the tables?

In LUKS mode, does cryptsetup generate the master key? In user mode? Does cryptsetup create/edit the metadata?

Thanks in advance for any clarification anyone can provide.


