[dm-crypt] Question about how data is read using dm-crypt
sven at whgl.uni-frankfurt.de
Tue Feb 21 03:59:37 CET 2017
I'll inline the answers...
On 21.02.2017 at 02:34, 박마루한 wrote:
> When I activate a volume using cryptsetup, I have the following:
> 1. Original image file 2. Block device from the image file 3. Image file
> that was created using cryptsetup
No. cryptsetup sets up a crypto mapping consisting of a
pseudo-blockdevice and operates on a blockdevice. It transforms writes
to the pseudoblockdevice to writes of encrypted data onto the backing
blockdevice, while a read operation will read from the backing
blockdevice, decipher the encrypted content and then deliver it to the
read() that was issued to the cleartext (pseudo)device.
> Then, you would make another block device from number 3.
No, since 3 is a blockdevice already.
> Now, here's where I am confused.
> I assume when you mount and write to the block device from the last step.
> I assume that this will cause writes to the file in number 3, which then
> cause writes to number 2 and 1.
> But when you read, do you just simply read from number 3? Or are you
> actually reading from number 1?
You usually read/write to and from the pseudoblockdevice created by
cryptsetup (the dmcrypt target, i.e. /dev/mapper/<cryptotargetname>),
which will in turn read from/write to the backing blockdevice. The
backing-device can also be called lower-device in terms of looking at a
stack, when it comes to Linux' storage system.
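
Added example, not part of the original message: a small in-memory Python model of the stacking described above, where reads and writes go to the mapping and the backing (lower) device only ever holds ciphertext. The class names, the 512-byte sector size and the SHA-256 keystream are assumptions for illustration; the keystream is a stand-in and not the cipher dm-crypt uses.

```python
import hashlib

SECTOR = 512  # sector size assumed for this model


class BackingDevice:
    """Lower device: stores the bytes it is handed (an in-memory image here)."""

    def __init__(self, sectors):
        self.data = bytearray(sectors * SECTOR)

    def read(self, sector):
        off = sector * SECTOR
        return bytes(self.data[off:off + SECTOR])

    def write(self, sector, buf):
        if len(buf) != SECTOR:
            raise ValueError("whole sectors only")
        off = sector * SECTOR
        self.data[off:off + SECTOR] = buf


class CryptMapping:
    """Pseudo block device stacked on a lower device (model of /dev/mapper/<name>)."""

    def __init__(self, lower, key):
        self.lower, self.key = lower, key

    def _keystream(self, sector):
        # Stand-in cipher (assumption, NOT dm-crypt's): SHA-256 in counter mode,
        # mixed with the sector number so equal plaintext differs per sector.
        tweak = self.key + sector.to_bytes(8, "little")
        return b"".join(hashlib.sha256(tweak + bytes([c])).digest()
                        for c in range(SECTOR // 32))

    def write(self, sector, plaintext):
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(sector)))
        self.lower.write(sector, ct)  # only ciphertext reaches the lower device

    def read(self, sector):
        ct = self.lower.read(sector)  # every read is served from the lower device
        return bytes(c ^ k for c, k in zip(ct, self._keystream(sector)))


def demo():
    lower = BackingDevice(sectors=4)
    mapped = CryptMapping(lower, key=b"constructed demo key")
    block = b"secret".ljust(SECTOR, b"\0")  # constructed sample data
    mapped.write(1, block)
    mapped.write(2, block)
    # cleartext via the mapping, raw contents of the lower device
    return mapped.read(1), lower.read(1), lower.read(2)
```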