Re: distributing compressed, encrypted, and signed images

Hello again,

To put this question another way: How do you calculate the required
size of the hash_dev? By observation, it appears to be just under 1%
of the disk size.

Thank you for your help,

-Alex

On Sun, Mar 2, 2014 at 6:54 PM, Alex Polvi <alex@xxxxxxxxx> wrote:
> Hello,
>
> Thanks so much to the developers of dm-crypt for all your hard work,
> this stuff is great!
>
> I'm trying to build a root filesystem in a squashfs, that is then
> encrypted using cryptsetup, then verified with veritysetup. The goal
> is to create a container filesystem that is encrypted and verified.
>
> I'm able to do all this no problem, but I'm a bit confused on how the
> hash_dev[1] is supposed to be used. For my testing, I used a loopback
> device for my hash_dev. When I'm ready to distribute my encrypted
> squashfs to someone, I was expecting to give over the passphrase for
> cryptsetup, and the sha256 generated by veritysetup format. However,
> it looks like I also have to distribute my hash_dev as well. Is that
> the case? Does that mean I need to ship my main image, the hash_dev
> image, and sha256 that corresponds to both? Is there some clever way
> to do this that I am overlooking?
>
> Also, since squashfs is readonly already, is dm-verity overkill? I'm a
> bit lost on the advantage of the hash_dev over just checking the hash
> of it before mounting.
>
> Any pointers/suggestions very much appreciated! Thank you again for
> all your support.
>
> Regards,
>
> -Alex
>
> [1]: https://code.google.com/p/cryptsetup/wiki/DMVerity
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
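
Added example, not part of the original post and not the cryptsetup project's code: the hash_dev size follows from the dm-verity hash tree layout, computed here for veritysetup's defaults (4096-byte data and hash blocks, SHA-256, one hash block reserved for the superblock). The function and parameter names are illustrative.

```python
def verity_hash_size(data_bytes, data_block=4096, hash_block=4096,
                     digest_size=32, superblock=True):
    """Return (hash_blocks_per_level, total_hash_area_bytes).

    Levels are listed from the one directly above the data up to the
    single top block whose digest is the root hash.
    """
    # dm-verity rounds the number of digests per hash block down to a
    # power of two (4096 // 32 = 128 for SHA-256; 4096 // 20 -> 128 for SHA-1).
    per_block = 1 << ((hash_block // digest_size).bit_length() - 1)
    if per_block < 2:
        raise ValueError("hash block must hold at least two digests")

    n = -(-data_bytes // data_block)      # data blocks, rounded up
    levels = []
    while n > 1:                          # build levels until one block is left
        n = -(-n // per_block)            # ceil(n / per_block)
        levels.append(n)

    # With a superblock, the tree starts at the next hash-block boundary,
    # so the superblock costs one full hash block.
    total_blocks = sum(levels) + (1 if superblock else 0)
    return levels, total_blocks * hash_block


if __name__ == "__main__":
    # Constructed sample sizes, not taken from the thread.
    for size in (64 << 20, 1 << 30, 16 << 30):
        levels, total = verity_hash_size(size)
        print(f"data={size:>12} B  levels={levels}  "
              f"hash_dev={total} B  ({100 * total / size:.3f}%)")
```

For large images the overhead converges on 1/127 of the data size (about 0.79%), which matches the "just under 1%" observation. The same figure is what is needed when the hash area is appended to the data image and located with veritysetup's `--hash-offset` option.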



