Hi, I'm trying to have cryptsetup use a key I provide, but am having a couple of issues; With XTS, If I provide a key in hex to cryptsetup with "-h plain", only half the key bits seem to be used. For example, if I specify "-s 256", I get the same results by supplying a 128-bit key as I do when supplying the expected 256-bit key, I need to supply a key of less than 128 bits to see any difference. Same when specifying "-s 512", all key sizes of 256 bits and above yeild the same result. It works as expected with CBC, and I'm not so sure about LRW. The second issue I've come across is, when supplying binary (rather than hex) key material, using "--key-file=-" to read the data from stdin, it doesn't error out if not enough data can be read, unlike when supplying an actual file to --key-file. For example, if you have a file (say "/tmp/foo") with 128 bits of random data, and run `cryptsetup -c aes-xts-benbi -s 256 --key-file=/tmp/foo create loop /dev/loop0`, it errors out with "Command failed: Key processing error: Could not read 32 bytes from key file", however if you run `cat /tmp/foo | cryptsetup -c aes-xts-benbi -s 256 --key-file=- create loop /dev/loop0`, it works when it shouldn't. Also, even when you do supply a key file of the required size, you get different results with `cat /tmp/foo | cryptsetup --key-file=-` than you do with `cryptsetup --key-file=/tmp/foo`... And finally, just something I noticed when looking into the above, with LRW both "-s 256" and "-s 320" are accepted (for aes), and from `dmsetup table` I can see that 256 and 320-bit keys are actually used by dmcrypt, respectively. Is this right? Thanks in advance for anything anyone can clear up or explain to me. (just as a note: when I talk about "results" I'm refering to the output of `hexdump /dev/mapper/loop | head`, where the underlying loop file is all zeros) --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
