in what I know. Could someone tell me:
- I have 2 cryptoapi systems
-- first system: kernel 2.4.21, with loop-jari, patch-int-2.4.21 compiled in. I've compiled utils-linux 2.11x with patch for cryptoapi.
-- if I want to mount the crypted partition, I have to:
/sbin/insmod cryptoapi
/sbin/insmod cryptoloop
/sbin/insmod cipher-twofish/sbin/losetup -e twofish -k 256 /dev/loop0 /dev/hdb
/bin/mount /dev/loop0 /pool
.... grrgrrgrrrr.... partition mounted on pool, OK, everything is perfect
-- situation two:
-- i want - because of security problems - install 2.4.23 kernel
-- tar zxvf kernel....2.4.23
-- install cryptoloop patch: patch -sp1 < patch-cryptoloop-jari-2.4.22.0 (works well even for 2.4.23)
-- small hack of crypto/Config.in due to tristate buttons (merci Florent)
-- then I select loop=y, cryptoloop=y, from block devices
-- from cryptographics, which now works due to new config.in: sha256 = y, twofish=y
-- make dep; make modules; make modules_install; make bzInstall; make install
-- kernel is installed, works perfectly
-- compilation of utils-linux 2.12 WITH losetup-combined.patch
-- I have new losetup compiled, everything OK
-- compilation of hashalot + install -> ok
-----------------
-- now I need to mount the same damn disk:
-- sha256 | ./losetup -p0 -e twofish-256 /dev/loop0 /dev/hdb
-- ./mount /dev/loop0 /pool
----------------- ERROR: unknown filesystem, you must specify filesystem.....
question: what's wrong? are the two systems compatible??
thanks a lot david
David Belohrad napsal(a):
Hi all,
please is there somewhere consistent talk about migration of cryptoapi when changing the kernel?
In my case:
-- I have linux kernel 'Linux localhost 2.4.21-0.13mdkcustom-dejfson #6 Čt dub 10 23:29:41 CEST 2003 i686 unknown unknown GNU/Linux', which is mdk 2.4.21
with added support for 'old' cryptoapi (= loop-jari + int patch).
-- because of security I want to move to 2.4.23 kernel. The problem is, that 2.4.23 already has some 'strange' version of CryptoAPI inside, so if I want to add my old
cryptoapi support, the patches are confusing the kernel.
-- for this I've found in this mailing conference how to make it with the crypto what is in kernel (adding patch patch-cryptoloop-jari-2.4.22.0 to vanilla 2.4.23). This
works without problem, but when I go to make xconfig, and I select loop device and cryptoloop device (as modules), the cryptographic support is then completely
grayed, so I cannot make a selection of the cipher I have (twofish-256).
-- if I compile the system as it is (with grayed ciphers), i compile util-linux + hashalot, then when I try to mount, it says that the cipher is not existing.
....................
-- ok, another try: i've hacked little Config.in from crypto not to have tristate buttons in cryptoapi menu, then I've selected to compile loop, cryptoloop, two-fish (as module)
-- compile -- ok, makes module of twofish
-- insmod cryptoloop, twofish = ok
-- compile util-linux, -- ok
.....................
try to mount:
sha256 | ./losetup -p0 -e twofish-256 /dev/loop0 /dev/hdb mount /dev/loop0 /pool
........... incorrect fs type....
so some questions:
where I do the mistake?
what is the difference between manual patched cryptoapi (ie it creates in kernel directory /crypto, /crypto/ciphers, /crypto/cryptoloop...) and
the cryptoapi which is already in the kernel 2.4.22?
what is the correct migration to be able to mount the 'old' cryptoapi with new kernel cryptoapi? (i have 120gb disk encrypted with twofish, so i cannot simply make
a new partition and copy there all the data to be able to make new cryptoapi partition)
is there any document to read about all the 'loop' and other patches?? there is a lot of patches, which do different things...
thanks for answers david belohrad
------------------------------------------- David Belohrad, Div. PS/Beam Diagnostics C.E.R.N. Site de Meyrin, CH 1211 Geneva 23 http://www.cern.ch David.Belohrad@xxxxxxx Tel +41.22.76.76318 Fax +41.22.76.78200 GSM +41.79.73.50937 -------------------------------------------
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
