Re: Done tinkering

Chris Kuklewicz wrote:
> 
> >
> > A little modules.conf magic will work when losetup tells the kernel the
> > cipher by name (someday soon?).
> >
> 
> That would be part of the main kernel crypto patch, which I have not
> looked at.
> 

It's not there yet. But I guess it is planned that cipher-ids are then
dynamically allocated (like handles) and you identify ciphers solely by
name. Alex?

> > > The current losetup has no command line flag to get the password or
> > > the key from stdin or a file.  Hmmmm...
> > >
> >
> > Patch exists. Was posted to this ml. Search the archive for "a better
> > util-linux.getpass.patch"
> >
> 
> I'll go back and grab it.  Since my attachments bounced for being too
> large, I will have to drop them on my web page.  I'll wait until after
> I look at this other patch first.
> 

Someone should implement a command line switch '--key-fd' that is
analogous to '--pass-fd' but gives a fd where the _key_ (as opposed to
the passphrase) is to be read from. Something along this line is
mandatory for the support of transparent mounting of crypted home
directories. There is a PAM module (pam_mount), which is not too far
away from supporting this. Search the PAM list, if anyone is
interested. IIRC, it should be doable in the next revision 0.0.3 (or
0.3.0?), if losetup supports a '--key-fd' option. '--pass-fd' would
suffice in theory, but that would disallow users to change their
password.

> > > Stupid crypto question...are the -cbc versions useful to losetup?
> > >
> > loop_gen always uses CBC mode implicitly. You cannot tell it to use
> > another mode.
> >
> 
> Okay.  I was confused by the /proc cipher id, which has a high bit set
> for cbc modes, and so the LO_CRYPT_xxxx numbers only matched the non
> cbc cipher ids.
> 

Basically, as I interpret it, the low 16 bits of a cipher-ID are for
the cipher algorithm and the high 16 bits are for the mode. Currently
mode can take values of 0x00000 (ECB) and 0x10000 (CBC). You get the
cipher-ID by or'ing mode and algorithm, see loop_gen.c (or wherever that
file got merged into loop.c in 2.2.18.x)...

I currently have not much free time as our working group has to write a
report on the past three years of research and I have to collect
everything ... :-(
I try not to lose too much grip on the sources, though...

Marc

-- 
Marc Mutz <Marc@xxxxxxxx>     http://EncryptionHOWTO.sourceforge.net/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics

PGP-keyID's:   0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
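
Added example, not part of the original message and not losetup code: a sketch of how a tool could read a raw key from the descriptor that a '--key-fd' style option names, rejecting a truncated key and wiping the partial buffer. The helper name `read_key_fd`, the 16-byte key size and the sample key are assumptions made for the demo.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define KEYLEN 16   /* assumed key size for this demo (128 bits) */

static void wipe(void *p, size_t n)   /* zeroing the compiler cannot drop */
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical helper: read exactly keylen raw bytes from fd. A key is binary
 * and may contain '\n' or '\0', so it is read by length, not line-wise like a
 * passphrase. Returns 0 on success, -1 on I/O error or a short key. */
int read_key_fd(int fd, unsigned char *key, size_t keylen)
{
    size_t got = 0;
    while (got < keylen) {
        ssize_t n = read(fd, key + got, keylen - got);
        if (n > 0) got += (size_t)n;
        else if (n == 0 || errno != EINTR) break;  /* EOF or real error */
    }
    if (got == keylen) return 0;
    wipe(key, keylen);                             /* keep no partial key */
    return -1;
}

/* Demo driver: send the first len bytes of a constructed key through a pipe.
 * Returns 0 = key accepted intact, 1 = rejected and wiped, -1 = anything else. */
int key_via_pipe(size_t len)
{
    static const unsigned char sample[KEYLEN] =    /* constructed sample key */
        { 0x00, '\n', 0xff, 0x10, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
    static const unsigned char zero[KEYLEN] = { 0 };
    unsigned char key[KEYLEN];
    int p[2], rc;

    memset(key, 0xAA, sizeof key);
    if (pipe(p) != 0) return -1;
    if (write(p[1], sample, len) != (ssize_t)len) { close(p[0]); close(p[1]); return -1; }
    close(p[1]);                                   /* writer done: reader sees EOF */
    rc = read_key_fd(p[0], key, KEYLEN);
    close(p[0]);
    if (rc == 0 && memcmp(key, sample, KEYLEN) == 0) return 0;
    if (rc == -1 && memcmp(key, zero, KEYLEN) == 0) return 1;
    return -1;
}

int main(void)
{
    printf("16 of 16 bytes -> %d\n", key_via_pipe(KEYLEN));
    printf("10 of 16 bytes -> %d\n", key_via_pipe(10));
    return 0;
}
```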

