On Wed, Dec 02, 2009 at 12:20:31PM +0100, julie_nuckey@xxxxxxxxxxxxxxxx wrote:
>
> I'm trying to understand the mechanics of how dm-crypt and cryptsetup
> work, in particular how data such as the password/key-file data is passed
> from user mode to kernel mode, and also generally what does what when
> setting up an encrypted volume.
>
> As I understand it, dm-crypt is a pure kernel-mode application that does
> the encryption and decryption of data on the fly. It works independently
> of any on-disk format such as metadata like that used by LUKS. Have I got
> that right?

Yes. It will happily de-/encrypt random data. No checking at all, not a
single bit of metadata. Incidentally a dm-crypt volume (after an encrypted
overwrite) is indistinguishable from a volume wiped with cryptographically
strong randomness. In fact I use dm-crypt to wipe disks:

1.) Set up with random key (from /dev/random)
2.) Overwrite with weak randomness or zeros.

> And cryptsetup is the pure user-mode application and this can work in
> "plain" mode, ie without LUKS, or in LUKS mode. Is that right? So how does
> the password/key get from cryptsetup (user mode) to dm-crypt (kernel mode)
> and does it differ depending on whether I'm using plain or LUKS mode? Does
> it use tables? Is the password/key written to the tables?

My guess would be that the key data is basically the same as for directly
using ciphers in the kernel. Some call will transfer them. No idea about
the details, but dm-crypt is basically a device mapper target and should
use the same mechanisms. The device mapper page at
http://sources.redhat.com/dm/ may have more information.

> In LUKS mode, does cryptsetup generate the master key? In user mode? Does
> cryptsetup create/edit the metadata?

Yes, AFAIK. The kernel does not understand LUKS.

> Thanks in advance for any clarification anyone can provide.

Side note: What about linebreaks? It is not nice to have to reformat your
message before answering...

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of "news"
is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
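As an added example (not part of the original exchange), the following script shows the device-mapper table line through which a plain dm-crypt key reaches the kernel, and the two-step wipe recipe from the reply built on top of it. It assumes the dm-crypt table format `<start> <len> crypt <cipher> <hexkey> <iv_offset> <device> <offset>`, the util-linux `blockdev` and `dmsetup` tools, and it only prints the commands unless DO_WIPE=1 is set and it runs as root.

```shell
#!/bin/sh
# Added example: plain dm-crypt table construction and the random-key wipe.
# The key is hex-encoded inside the table; cryptsetup in plain mode builds
# an equivalent table and hands it to the kernel via the dm ioctl interface.
set -eu

# Table line for a plain dm-crypt target covering the whole backing device.
# Arguments: cipher spec, hex key, backing device, device size in 512-byte sectors.
dm_crypt_table() {
    cipher=$1; hexkey=$2; dev=$3; sectors=$4
    printf '0 %s crypt %s %s 0 %s 0\n' "$sectors" "$cipher" "$hexkey" "$dev"
}

# Random key of N bytes, hex-encoded, read from the kernel RNG.
random_hex_key() {
    od -An -vtx1 -N "$1" /dev/urandom | tr -d ' \n'
}

# Byte length of a hex key (sanity check before it goes into the table).
hex_key_bytes() {
    printf '%s' "$1" | wc -c | awk '{print $1/2}'
}

# Wipe recipe from the reply: map the device with a throwaway random key,
# overwrite the mapping with zeros, then drop the mapping so the key is gone.
# Only runs for real with DO_WIPE=1; otherwise prints what it would do.
wipe_via_dmcrypt() {
    dev=$1; name="wipe_$$"
    sectors=$(blockdev --getsz "$dev")
    key=$(random_hex_key 32)            # 32 bytes -> AES-256
    table=$(dm_crypt_table aes-cbc-essiv:sha256 "$key" "$dev" "$sectors")
    if [ "${DO_WIPE:-0}" = 1 ]; then
        echo "$table" | dmsetup create "$name"          # key travels in the table
        dd if=/dev/zero of="/dev/mapper/$name" bs=1M || true   # ENOSPC at end is expected
        dmsetup remove "$name"                          # mapping and key discarded
    else
        echo "would run: dmsetup create $name --table '$table'"
        echo "would run: dd if=/dev/zero of=/dev/mapper/$name bs=1M; dmsetup remove $name"
    fi
}

if [ $# -gt 0 ]; then
    wipe_via_dmcrypt "$1"
fi
```

Running `DO_WIPE=1 ./wipe.sh /dev/sdX` as root destroys every byte on that device, so the dry-run default is the one to try first.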