On Fri, Nov 05, 2010 at 10:49:33AM +0100, octane indice wrote: > Hello, > > In order to better understand how cryptsetup works, I'm asking if there is a > 'big picture' or a debug mode explaining how things are done. (I'm asking > about cryptsetup, not LUKS). As MIlan already wrote, it is basically just the application of two crypto algorithms, both of which are not in cryptsetup, but in the kernel. As they are used in the context of the device mapper, they need to be in the kernel, but if you do direct access via an userspace application, they can be anywhere. For your experiments, I recomend that you use a small loop-file, mount it via dm-crypt and put some plaintext in it, e.g. like this: head -c 1M /dev/zero > cfile # create empty file losetup /dev/loop0 cfile cryptsetup create c1 /dev/loop0 man bash > /dev/mapper/c1 cryptsetup remoce c1 losetup -d /dev/loop0 You can then trial decrypt cfile. You can use --cipher, and --hashto set something simpler than the curent defaults of aes-cbc-essiv:sha256, ripemd160, but that should not make too much of a difference. You can read about cipher modes here, if you want to do the mode yourself: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation ESSIV is described here: http://en.wikipedia.org/wiki/ESSIV#ESSIV with the hash that listed after the ':' in the cipher spec. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
