[dm-crypt] cryptsetup and loop-AES devices

Arno Wagner arno at wagner.name
Sat Dec 4 02:31:20 CET 2010

One thing you can try is to compile and run your own kernel.
I have been doing that with Debian for 6-7 years now, without
any major issues. It's not even a "sort-of" Debian kernel,
just a hard boot of a kernel from kernel.org without initrd,
both with modules and anything statically compiled in. I
am currently running with lenny.

I have never used loop-AES, but a short look at the instructions
at http://loop-aes.sourceforge.net/loop-AES.README seems to
indicate the module and tools can be built up to and including the
upcoming 2.6.37 kernel.


On Fri, Dec 03, 2010 at 08:11:33PM +0100, Markus Porto wrote:
> Hello,
> I have a very stupid question concerning dm-crypt: I recently moved to a new
> laptop on which I installed Debian squeeze. On my previous laptop (which ran
> Debian lenny) I used dm-crypt for USB sticks etc. and loop-AES for CDs/DVDs.
> In Debian squeeze, somehow loop-AES does not work anymore (there are a
> couple of reports concerning that), but I read on your web page
> http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions that
> dm-crypt can also handle loop-AES encrypted devices.
> I create an encrypted DVD of the directory /tmp/encrypted_dvd using
> cd /tmp
> yes "" | dd of=/tmp/encrypted_dvd.iso bs=512 count=16
> head -c 3705 /dev/urandom | uuencode -m - | head -n 66 | tail -n 65 | \
>  gpg --symmetric -a | dd of=/tmp/encrypted_dvd.iso conv=notrunc
> genisoimage -quiet -r /tmp/encrypted_dvd | \
>  aespipe -e AES128 -K /tmp/encrypted_dvd.iso -O 16 >> /tmp/encrypted_dvd.iso
> growisofs -dvd-compat -speed=8 -Z /dev/dvd=/tmp/encrypted_dvd.iso
> so that the first 8192 bytes contain the encrypted keys.
> Previously (with Debian lenny), I mounted the DVD using the options
> `ro,exec,loop,encryption=AES128,gpgkey=/dev/dvd,offset=8192' which does not
> work anymore (error message `ioctl: LOOP_SET_STATUS: Invalid argument,
> requested cipher or key length (128 bits) not supported by kernel'). If I
> understood properly, the point is that cryptoloop support has been dropped
> from the squeeze kernel.
> In any case, I still need to read my old CDs/DVDs: How can I do that using
> cryptsetup? I read on the web page mentioned above that
> losetup /dev/loop0 /dev/dvd
> cryptsetup -c aes-plain -h sha256 create encrypted /dev/loop0
> mount /dev/mapper/encrypted /media/encrypted_dvd
> should do it, but this does not work (/dev/mapper/encrypted is not an
> ISO9660 filesystem). I tried to add options -o 4 or -p 4 (I understood that
> the size is in blocks and that block size is 2048 bytes for DVDs), and also
> several other values such as 16 (block size 512). How do I have to call
> cryptsetup in my case?
> Many thanks for your kind help.
> Best regards,
> Markus Porto
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
