On Apr 26, 2005, at 2:01 PM, <info@xxxxxxxxxxxx> wrote:
But give the encryption as -e twofish256 after you've loaded the loop_twofish kernel module and see if that helps.
no - it does not matter if I use a dash or not - it won't work
Have you installed the loop-aes ciphers? Have you installed the loop_twofish module via modprobe?
Second is key management, which is very flexible, but you have to implement your own method. The loop-aes README is a great resource for new implementations, using GPG. But that does not help you if you are trying to use data from another drive encryption product...<<
yes. I used some old patched cryptoloop version from kernel 2.4 I think
http://clemens.endorphin.org/Cryptoloop_Migration_Guide
and this utility from Jari:
Attachment:
binary-key-remap-to-unhashed1.c.bz2
Description: Binary data
Begin forwarded message:
From: Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> Date: September 22, 2004 11:02:57 AM MDT To: Richard Hall <r.j.hall@xxxxxxxxxx> Cc: linux-crypto@xxxxxxxxxxxx Subject: Re: Cryptoloop difference between Gentoo and SuSE Kernel
Richard Hall wrote:
Jari Ruusu wrote:
If you are using losetup and mount from loop-AES package, you can specify
mainline util-linux compatible key setup like this:
losetup -e AES256 -H unhashed2 -p 0 /dev/loop0 /dev/sdb1 </etc/ backup/aes.key
^^^^^^^^^^^^
Or kerneli.org compatible key setup like this:
losetup -e AES256 -H rmd160 -p 0 /dev/loop0 /dev/sdb1 </etc/ backup/aes.key
^^^^^^^^^
I finally got it working by downloading the util-linux and util-linux
cryptoloop patch from the gentoo mirror, compiling it on the suse system
and running it from the compiled directory. I don't know what the hell
is done differently but something obviously is.
I downloaded util-linux-2.12b-cryptoapi-losetup.patch.bz2 from one gentoo
mirror, and that appears to be Ben Slusky's keygen patch. It is little bit
weird because it uses different key setup for interactive and
read-from-filedescriptor modes of operation. Interactive key setup appears
to be mainline util-linux compatible, but read-from-filedescriptor type key
setup reads up to 32 bytes of binary key material from file descriptor.
Anyway, I wrote small converter program that reads up to 32 bytes of binary
key material from stdin and writes out loop-AES unhashed1 password hash type
compatible password to stdout. Source for binary-key-remap-to- unhashed1
program is attached. It can be compiled like this:
gcc -O2 -Wall binary-key-remap-to-unhashed1.c -o /usr/local/bin/ binary-key-remap-to-unhashed1
And used like this (with loop-AES patched losetup and mount):
cat /etc/backup/aes.key | binary-key-remap-to-unhashed1 128 | losetup -p 0 -e AES -H unhashed1 /dev/loop0 /dev/sdb1
^^^ ^^^^^^^^^^^^
number of bits in key (128, 192 or 256)
Or:
cat /etc/backup/aes.key | binary-key-remap-to-unhashed1 128 | mount -p 0 -t ext2 /dev/sdb1 /mnt -o encryption=AES,phash=unhashed1
^^^^^^^^^^^^^^^
Or, if you want to change password, like this:
cat /etc/backup/aes.key | binary-key-remap-to-unhashed1 128 | gpg --symmetric -a >/etc/fskey-sdb1.gpg
mount -t ext2 /dev/sdb1 /mnt -o encryption=AES,phash=unhashed1,gpgkey=/etc/fskey-sdb1.gpg
