[dm-crypt] dm-crypt / LUKS FAQ monthly posting
markus reichelt
ml at mareichelt.com
Fri Jul 2 21:06:34 CEST 2010
* Arno Wagner <arno at wagner.name> wrote:
> * How can I use cryptsetup to mount loop-AES encrypted devices?
>
> (By ttsiodras) With these commands:
> sh# losetup /dev/loop0 /path/to/whatever/file/or/volume
> sh# cryptsetup -c aes-plain -h sha512 create crypted /dev/loop0
> Enter passphrase:
> sh# mount /dev/mapper/crypted /mnt/heaven
>
> The above work for aes256 - for aes128, use "sha256".

Wth...

The user who submitted that must have been hiding under a rock quite
some time. At best, the mentioned foo works for single-key loop-AES
images. That's ancient, and since ages not even slightly a
recommended loop-AES usage. Maybe he can comment on that madness?

loop-AES.README has been clearly stating for years that a multi-key
setup has to be used, namely v3. An example /etc/fstab entry:

/dev/sda666 /mnt666 ext3 defaults,noauto,loop=/dev/loop3,encryption=AES128,gpgkey=/keyfile.gpg 0

The correct line to unlock the listed volume via losetup is done via

losetup -F /dev/loop3

I sincerely doubt current stock dm-crypt is able to mount multi-key
loop-AES volumes. (Maybe someone using both can shed light on this in
more detail, I might have missed the integration of that patch
mentioned below)

Full access support for multi-key loop-AES volumes might evolve from
the work of Max Vozeler, first patch available at:
http://www.spinics.net/lists/crypto/msg04952.html

--
left blank, right bald