Hi,

Attached are 3 patches to cryptsetup.8 you may or may not find useful. (Patches to be applied from within the man directory.) The first and second must be applied in order. Patched against the latest svn readonly.

cryptsetup.8.sentences.patch1:
Sentence structure edits and clarification of what effective revocation means.

cryptsetup.8.slots.patch2:
New text explaining the "slot" and "key" vocabulary.

cryptsetup.8.luksremovekey.patch3:
Since the vocabulary (remove) used in luksRemoveKey differs from that (kill) used in luksKillSlot, clarify that they do the same thing. (IMO, it would have been nice if the operation names were "symmetric", say, 'luksRemoveKey' and 'luksRemoveSlot', because after glancing at the code it seems they wind up calling the same function. Oh well.)

Regards,

Karl <kop@xxxxxxxx>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein

--- cryptsetup.8 2011-09-04 12:03:10.000000000 -0500 +++ cryptsetup.8.sentences 2011-09-04 13:25:57.000000000 -0500 @@ -32,9 +32,10 @@ If \-\-size (in sectors) is not specified, the size of the underlying block device is used. .SH LUKS EXTENSION LUKS, Linux Unified Key Setup, is a standard for hard disk encryption. -It standardizes a partition header, as well as the format of the bulk data. -LUKS can manage multiple passwords, that can be revoked effectively -and that are protected against dictionary attacks with PBKDF2. +It standardizes a partition header as well as the format of the bulk data. +LUKS can manage multiple passwords that can be individually revoked and +effectively scrubbed from persistent media, and that are protected +against dictionary attacks with PBKDF2. These are valid LUKS actions:
--- cryptsetup.8.sentences 2011-09-04 13:25:57.000000000 -0500 +++ cryptsetup.8.slots 2011-09-04 13:36:09.000000000 -0500 @@ -37,6 +37,12 @@ effectively scrubbed from persistent media, and that are protected against dictionary attacks with PBKDF2. +Each password, usually called a +.B key +in this document, is associated with a slot, of which there are typically 8. +Key operations that do not specify a slot affect the first slot +matching the supplied key. + These are valid LUKS actions: \fIluksFormat\fR <device> [<key file>]
--- cryptsetup.8.slots 2011-09-04 13:36:09.000000000 -0500 +++ cryptsetup.8.luksremovekey 2011-09-04 13:38:20.000000000 -0500 @@ -95,7 +95,7 @@ .PP \fIluksRemoveKey\fR <device> [<key file>] .IP -remove supplied key or key file from LUKS device +remove supplied key or key file from LUKS device in the manner of \fIluksKillSlot\fR. .PP \fIluksChangeKey\fR <device> [<new key file>] .IP
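Review bot: In cryptsetup.8.sentences.patch1, the added wording "effectively scrubbed from persistent media" in the LUKS EXTENSION paragraph reads as an unqualified guarantee, and nothing in the hunk says which storage it covers. Suggest scoping the claim to the device the command operates on, for example "individually revoked and effectively scrubbed from the device", so a reader does not assume that copies of the header kept elsewhere are covered as well. The sentence also now chains "that can be ... and that are protected ..." across three lines; splitting the PBKDF2 clause into its own sentence would read more easily.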
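Review bot: In cryptsetup.8.slots.patch2, the new paragraph defines a key as a password only, while the luksFormat synopsis in the trailing context takes a <key file>, so the definition should cover both forms. Suggest "Each password or key file, usually called a key in this document, is associated with a slot". Separately, "of which there are typically 8" leaves open when the count differs; either state the condition or drop "typically" if the number is fixed. The last sentence, "affect the first slot matching the supplied key", would also be clearer if it said what happens when no slot matches.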
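Review bot: In cryptsetup.8.luksremovekey.patch3, "in the manner of \fIluksKillSlot\fR" on the changed luksRemoveKey line does not tell the reader what the two actions share, so they still have to read the other entry to learn what "remove" does. Suggest stating the effect directly and using the cross-reference only as a pointer, for example "remove the first key slot matching the supplied key or key file; see \fIluksKillSlot\fR", which also matches the slot wording introduced in patch2. The replacement line is noticeably longer than its neighbours in the roff source and gains a trailing period that the original description did not have; wrap it and keep the punctuation consistent with the other action descriptions.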
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt