Dear Milan,
Thank you so much for the excellent answer and so quick!
Tung
On Tue, Sep 19, 2017 at 10:49 PM, Milan Broz <gmazyland@xxxxxxxxx> wrote:
On 09/20/2017 01:38 AM, Tung Nguyen wrote:
> Dear Wizard(s),
>
> Help! I really need your help to understand --with-crypto_backend flag. It is not for dm-crypt but for userspace, LUKS header is processed in userspace.
>
> I downloaded cryptsetup-1.7.5.tar.xz and noticed that configure -h
> showed --with-crypto_backend=openssl. I wonder what that configure
> flag is for?
>
> Obviously, the root Makefile had
> CRYPTO_LIBS = -lssl -lcrypto
> OPENSSL_LIBS = -lssl -lcrypto
>
> but how does dm-crypt relate or use openssl lib?
It will use hash, HMAC and PBKDF2 as crypto primitives from this userspace library
when processing the LUKS header.
Once the kernel dm-crypt device is configured, it is no longer used - dm-crypt
use only kernel crypto API.
Anyway, there are safe defaults, so if you do not understand some option,
it is always better to not change it ;-)
(Default is to use libgcrypt. Openssl should provide the same capabilities,
other backends can be limited in compatibility - some hash algorithms are missing etc.
You can configure also to use wrapper for kernel userspace crypto API, then
userspace is not linked to any crypto library and uses only kernel crypto API.
But as said, there are some possible limitations.)
> ---
> The contents of this e-mail and any attachments are confidential and
> only for use by the intended recipient. Any unauthorized use,
> distribution or copying of this message is strictly prohibited. If
> you are not the intended recipient please inform the sender
> immediately by reply e-mail and delete this message from your system.
> Thank you for your co-operation.
This corporate footnotes make me always smile when appear in a public list :-)
Please if you can, do not use it. (I know it is sometimes forced though.)
Milan
---
The contents of this e-mail and any attachments are confidential and only for use by the intended recipient. Any unauthorized use, distribution or copying of this message is strictly prohibited. If you are not the intended recipient please inform the sender immediately by reply e-mail and delete this message from your system. Thank you for your co-operation._______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt