[dm-crypt] Initialization Vector using plain aes-cbc

Ralf Ramsauer ralf at ramses-pyramidenbau.de
Wed Sep 26 15:17:43 CEST 2012


Just a simple question:

If I do:
dd if=/dev/zero of=foobar bs=1M count=50
dd if=/dev/urandom of=keyfile bs=32 count=1

cryptsetup create asd ./foobar --cipher=aes-cbc-essiv:sha256 --key-file key
cryptsetup create asd ./foobar --cipher=aes-cbc
Enter Passphrase: ..........

work fine.

But if I do
cryptsetup create asd ./encrypted --cipher=aes-cbc --key-file key
I get
device-mapper: reload ioctl on  failed: Invalid argument

For sure, cbc-essiv generates the initialization vector itself. But how
does the second command
get its IV?
cryptsetup create asd ./foobar --cipher=aes-cbc
Does it derive the IV from the passphrase?

And why does
cryptsetup create asd ./foobar --cipher=aes-cbc --key-file key
not work? (No IV for cbc?)

Thanks a lot!

Ralf Ramsauer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20120926/274a839e/attachment.asc>

More information about the dm-crypt mailing list