[dm-crypt] Using dmsetup directly instead of cryptsetup

dhvvcb at lavabit.com dhvvcb at lavabit.com
Sat May 21 20:40:36 CEST 2011

Usually I run command

cryptsetup -d /path/to/key -c aes-cbc-essiv:sha256 -s 256 create
hdd2 /dev/sdc

and /dev/mapper/hdd2 is created.

I tried to follow the example given on home page

echo 0 <sector count> crypt <sector format> <key> <IV offset> <real
device> <sector offset> | dmsetup create name

where <key> is a hexadecimal representation of the binary key. As a
result, /dev/mapper/name should be created.

To create /dev/mapper/hdd2 corresponding to /dev/sdc I run the commands:

echo 0 $(blockdev --getsz /dev/sdc) crypt aes-cbc-essiv:sha256
"$(cat /path/to/key.hex)" 0 /dev/sdc 0 | dmsetup create hdd2

Here '/path/to/key.hex' is the hexadecimal representation of binary
'/path/to/key'. I converted 'key' to 'key.hex' with the help of hexdump.
Size of 'key.hex' file (65B) is twice as large as binary 'key' (32B)
because each binary symbol is determined by two hexadecimal numbers.

However this /dev/mapper/hdd2 can not be mounted. While /dev/mapper/hdd2
created with cryptsetup is mounted. So straightforward dmsetup usage and
cryptsetup create different /dev/mapper/hdd2, though key is the same.

The question is how to use dmsetup straightforward so as it would give
the same encrypted device as cryptsetup does.

More information about the dm-crypt mailing list