Newbie question --key-file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

 

I am testing with a loop device /dev/loop0.  I want to use a 256-bit key file.

 

First I did:

 

-bash-4.1# cryptsetup --key-file keyfile-1 luksFormat /dev/loop0

 

WARNING!

========

This will overwrite data on /dev/loop0 irrevocably.

 

Are you sure? (Type uppercase yes): YES

device-mapper: reload ioctl failed: Invalid argument

Failed to setup dm-crypt key mapping for device /dev/loop0.

Check that kernel supports aes-cbc-essiv:sha256 cipher (check syslog for more info).

 

Question #1. Is the LUKS setup properly or not given the error? I checked my /proc/crypto and it doesn’t seem to have the crypto aes-cbc-essiv nor does it have sha256.

 

-bash-4.1# cat /proc/crypto

name         : stdrng

driver       : krng

module       : kernel

priority     : 200

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : crc32c

driver       : crc32c-generic

module       : kernel

priority     : 100

refcnt       : 2

selftest     : passed

type         : shash

blocksize    : 1

digestsize   : 4

 

name         : sha1

driver       : sha1-generic

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 20

 

name         : md5

driver       : md5-generic

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 16

 

But when I did the check, it seems LUKS has been setup with cbc-essiv:sha256.

 

-bash-4.1# -bash-4.1# cryptsetup -v isLuks /dev/loop0

Command successful.

-bash-4.1# blkid -p /dev/loop0

/dev/loop0: UUID="6732be3f-d385-4471-8c55-b0e2b43adf53" VERSION="256" TYPE="crypto_LUKS" USAGE="crypto"

-bash-4.1#

-bash-4.1# cryptsetup luksDump /dev/loop0

LUKS header information for /dev/loop0

 

Version:               1

Cipher name:     aes

Cipher mode:     cbc-essiv:sha256

Hash spec:          sha1

Payload offset: 4096

MK bits:               256

MK digest:          b3 f8 1d 09 f8 50 65 29 50 21 ea cd 0b 4a 9d 6a 2a 70 04 84

MK salt:               f6 f8 2e 1e 5e 71 05 40 3e bc a4 a5 c1 ed 60 6e

                a5 f8 2d 63 e1 f5 42 2a 4f 4a ff 78 a4 e9 70 1e

MK iterations:   40875

UUID:                    6732be3f-d385-4471-8c55-b0e2b43adf53

 

Key Slot 0: DISABLED

Key Slot 1: DISABLED

Key Slot 2: DISABLED

Key Slot 3: DISABLED

Key Slot 4: DISABLED

Key Slot 5: DISABLED

Key Slot 6: DISABLED

Key Slot 7: DISABLED

-bash-4.1#

 

So this is confusing to me.

 

Question #2. I went thru FAQ and didn’t quite find an example using key-file to setup LUKS.  But I found this line:

 

cryptsetup luksOpen --key-file keyfile /dev/loop0 e1

 

what is e1 here? Can someone give an example using key-file to set up a LUKS partition.

 

Thanks.

 

 

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux