[dm-crypt] What does the "create" action do?
gmazyland at gmail.com
Wed Aug 31 12:38:14 CEST 2016
On 08/31/2016 09:09 AM, 박마루한 wrote:
> How is it different from "luksFormat" and "luksOpen"?
create is for non-LUKS (plain) devices (no on-disk header)
LUKS uses on-disk header and keyslots. It is not so hard to find
it in cryptsetup man page.
> I need to use the create action over the luks action because I'm on RHEL 4, where there's only cryptsetup0.1
In general, you cannot do this. This cryptsetup version doesn't support LUKS.
I think some recent cryptsetup versions can be compiled on RHEL4,
but it will not work because of missinf some kernel functionality.
You can translate mapping to dmsetup commands (cryptsetup create is basically
just wrapper over this) but RHEL4 kernel will probably be missing XTS mode or some IV,
and for CBC mode is missing ESSIV which is default for LUKS.
RHEL4 is EOL already. Do not use it for LUKS.
(For RHEL5 there is cryptsetup-luks package.)
More information about the dm-crypt