[dm-crypt] dm-crypt / LUKS FAQ monthly posting

markus reichelt ml at mareichelt.com
Fri Jul 2 21:06:34 CEST 2010


* Arno Wagner <arno at wagner.name> wrote:

>   * How can I use cryptsetup to mount loop-AES encrypted devices?
> 
>   (By ttsiodras) With these commands: 
>       sh# losetup /dev/loop0 /path/to/whatever/file/or/volume
>       sh# cryptsetup -c aes-plain -h sha512 create crypted /dev/loop0
>       Enter passphrase:
>       sh# mount /dev/mapper/crypted /mnt/heaven
>  
>   The above work for aes256 - for aes128, use "sha256".

Wth...

The user who submitted that must have been hiding under a rock quite
some time. At best, the mentioned foo works for single-key loop-AES
images. That's ancient, and since ages not even slightly a
recommended loop-AES usage. Maybe he can comment on that madness?

loop-AES.README has been clearly stating for years that a multi-key
setup has to be used, namely v3. An example /etc/fstab entry:

/dev/sda666 /mnt666 ext3 /defaults,noauto,loop=/dev/loop3,encryption=AES128,gpgkey=/keyfile.gpg 0

The correct line to unlock the listed volume via losetup is done via

losetup -F /dev/loop3

I sincerely doubt current stock dm-crypt is able to mount multi-key
loop-AES volumes. (Maybe someone using both can shed light on this in
more detail, I might have missed the integration of that patch
mentioned below)

Full access support for multi-key loop-AES volumes might evolve from
the work of Max Vozeler, first patch available at:

http://www.spinics.net/lists/crypto/msg04952.html


-- 
left blank, right bald
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20100702/f292fd45/attachment.asc>


More information about the dm-crypt mailing list