[dm-crypt] Help What is ./configure --with-crypto_backend=openssl for?

Tung Nguyen tungn at dnanexus.com
Wed Sep 20 23:14:49 CEST 2017


Dear Milan,
Thank you so much for the excellent answer and so quick!
Tung

On Tue, Sep 19, 2017 at 10:49 PM, Milan Broz <gmazyland at gmail.com> wrote:

> On 09/20/2017 01:38 AM, Tung Nguyen wrote:
> > Dear Wizard(s),
> >
> > Help! I really need your help to understand --with-crypto_backend flag.
> >
> > I downloaded cryptsetup-1.7.5.tar.xz and noticed that configure -h
> > showed --with-crypto_backend=openssl. I wonder what that configure
> > flag is for?
> >
> > Obviously, the root Makefile had
> > CRYPTO_LIBS = -lssl -lcrypto
> > OPENSSL_LIBS = -lssl -lcrypto
> >
> > but how does dm-crypt relate or use openssl lib?
>
> It is not for dm-crypt but for userspace, LUKS header is processed in
> userspace.
> It will use hash, HMAC and PBKDF2 as crypto primitives from this userspace
> library
> when processing the LUKS header.
>
> Once the kernel dm-crypt device is configured, it is no longer used -
> dm-crypt
> use only kernel crypto API.
>
> Anyway, there are safe defaults, so if you do not understand some option,
> it is always better to not change it ;-)
>
> (Default is to use libgcrypt. Openssl should provide the same capabilities,
> other backends can be limited in compatibility - some hash algorithms are
> missing etc.
> You can configure also to use wrapper for kernel userspace crypto API, then
> userspace is not linked to any crypto library and uses only kernel crypto
> API.
> But as said, there are some possible limitations.)
>
> > ---
> > The contents of this e-mail and any attachments are confidential and
> > only for use by the intended recipient. Any unauthorized use,
> > distribution or copying of this message is strictly prohibited. If
> > you are not the intended recipient please inform the sender
> > immediately by reply e-mail and delete this message from your system.
> > Thank you for your co-operation.
>
> This corporate footnotes make me always smile when appear in a public list
> :-)
> Please if you can, do not use it. (I know it is sometimes forced though.)
>
> Milan
>

-- 
---
The contents of this e-mail and any attachments are confidential and only 
for use by the intended recipient. Any unauthorized use, distribution or 
copying of this message is strictly prohibited. If you are not the intended 
recipient please inform the sender immediately by reply e-mail and delete 
this message from your system. Thank you for your co-operation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20170920/353cc566/attachment.html>


More information about the dm-crypt mailing list