[dm-crypt] Newbie question --key-file

Li, David LiD at cloudshield.com
Fri Oct 26 04:06:33 CEST 2012


I am testing with a loop device /dev/loop0.  I want to use a 256-bit key file.

First I did:

-bash-4.1# cryptsetup --key-file keyfile-1 luksFormat /dev/loop0

This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type uppercase yes): YES
device-mapper: reload ioctl failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/loop0.
Check that kernel supports aes-cbc-essiv:sha256 cipher (check syslog for more info).

Question #1. Is the LUKS setup properly or not given the error? I checked my /proc/crypto and it doesn't seem to have the crypto aes-cbc-essiv nor does it have sha256.

-bash-4.1# cat /proc/crypto
name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 1
selftest     : passed
type         : rng
seedsize     : 0

name         : crc32c
driver       : crc32c-generic
module       : kernel
priority     : 100
refcnt       : 2
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 4

name         : sha1
driver       : sha1-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

But when I did the check, it seems LUKS has been setup with cbc-essiv:sha256.

-bash-4.1# -bash-4.1# cryptsetup -v isLuks /dev/loop0
Command successful.
-bash-4.1# blkid -p /dev/loop0
/dev/loop0: UUID="6732be3f-d385-4471-8c55-b0e2b43adf53" VERSION="256" TYPE="crypto_LUKS" USAGE="crypto"
-bash-4.1# cryptsetup luksDump /dev/loop0
LUKS header information for /dev/loop0

Version:               1
Cipher name:     aes
Cipher mode:     cbc-essiv:sha256
Hash spec:          sha1
Payload offset: 4096
MK bits:               256
MK digest:          b3 f8 1d 09 f8 50 65 29 50 21 ea cd 0b 4a 9d 6a 2a 70 04 84
MK salt:               f6 f8 2e 1e 5e 71 05 40 3e bc a4 a5 c1 ed 60 6e
                a5 f8 2d 63 e1 f5 42 2a 4f 4a ff 78 a4 e9 70 1e
MK iterations:   40875
UUID:                    6732be3f-d385-4471-8c55-b0e2b43adf53

Key Slot 0: DISABLED
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

So this is confusing to me.

Question #2. I went thru FAQ and didn't quite find an example using key-file to setup LUKS.  But I found this line:

cryptsetup luksOpen --key-file keyfile /dev/loop0 e1

what is e1 here? Can someone give an example using key-file to set up a LUKS partition.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20121025/2f2c2589/attachment-0001.html>

More information about the dm-crypt mailing list