Hi Milan,

Thank you for the reply.

On 13 December 2016 at 15:31, Milan Broz <gmazyland@xxxxxxxxx> wrote:
> I really do not think the disk encryption key management should be moved
> outside of dm-crypt. We cannot then change key structure later easily.

Yes, I agree, but the key selection based on sector number restricts the
option of having a larger block size used for encryption.

>> + unsigned int key_size;
>> + unsigned int key_extra_size;
>> + unsigned int key_parts; /* independent parts in key buffer */
>
> ^^^ these key sizes you probably mean by key management.

Yes, I mean splitting the keys into subkeys based on the keycount parameter
(as mentioned below) to the dm-crypt.

cipher[:keycount]-mode-iv:ivopts
aes:2-cbc-essiv:sha256

> It is based on way how the key is currently sent into kernel
> (one hexa string in ioctl that needs to be split) and have to be changed in future.

-Binoy

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
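
Review bot: in the quoted struct fields, key_parts carries a comment but key_size and key_extra_size do not. Since the discussion turns on how the key buffer is split, add a comment on each stating its unit and what key_extra_size covers, so the relationship between the three fields is clear from the declaration.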
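
The keycount syntax and the sector-based key selection discussed in the message above, as an added example (not code from the thread or from dm-crypt). All struct and function names are hypothetical; it assumes keycount must be a power of two and that the subkey is chosen from the low bits of the 512-byte sector number.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct spec {   /* parsed "cipher[:keycount]-mode-iv[:ivopts]" */
    char cipher[32], mode[32], iv[32], ivopts[32];
    unsigned long keycount;   /* 1 when ":keycount" is omitted */
};

/* Returns 0 on success, -1 on a malformed spec or a keycount that is not 2^n. */
int parse_spec(const char *s, struct spec *out)
{
    char buf[128], *mode, *iv, *kc, *opts, *end;
    unsigned long n = 1;
    if (snprintf(buf, sizeof buf, "%s", s) >= (int)sizeof buf ||
        !(mode = strchr(buf, '-')) || !(iv = strchr(mode + 1, '-')))
        return -1;
    *mode++ = '\0';             /* buf now holds only "cipher[:keycount]" */
    *iv++ = '\0';
    if ((opts = strchr(iv, ':')))
        *opts++ = '\0';
    if ((kc = strchr(buf, ':'))) {
        *kc++ = '\0';
        n = strtoul(kc, &end, 10);
        if (*kc < '0' || *kc > '9' || *end)
            n = 0;              /* not a plain decimal number */
    }
    if (!*buf || !*mode || !*iv || !n || (n & (n - 1)))
        return -1;
    snprintf(out->cipher, sizeof out->cipher, "%s", buf);
    snprintf(out->mode, sizeof out->mode, "%s", mode);
    snprintf(out->iv, sizeof out->iv, "%s", iv);
    snprintf(out->ivopts, sizeof out->ivopts, "%s", opts ? opts : "");
    out->keycount = n;
    return 0;
}

unsigned long key_index(const struct spec *sp, unsigned long long sector)
{
    return (unsigned long)(sector & (sp->keycount - 1));  /* low sector bits */
}

/* 1 if all nsect sectors of an encryption block starting at `start` share a subkey. */
int block_uses_one_key(const struct spec *sp, unsigned long long start, unsigned nsect)
{
    for (unsigned i = 1; i < nsect; i++)
        if (key_index(sp, start + i) != key_index(sp, start))
            return 0;
    return 1;
}
```

With `aes:2-cbc-essiv:sha256`, an 8-sector (4096-byte) block spans both subkeys, which is the restriction on larger encryption block sizes raised in the reply.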