From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glkdd-dm-crypt@m.gmane.org>
Received: from lo.gmane.org (lo.gmane.org [80.91.229.12])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Mon, 14 Mar 2011 22:13:42 +0100 (CET)
Received: from list by lo.gmane.org with local (Exim 4.69)
 (envelope-from <glkdd-dm-crypt@m.gmane.org>) id 1PzF5B-0002qf-DA
 for dm-crypt@saout.de; Mon, 14 Mar 2011 22:13:41 +0100
Received: from p5796beec.dip.t-dialin.net ([87.150.190.236])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Mon, 14 Mar 2011 22:13:41 +0100
Received: from rudolf.deilmann by p5796beec.dip.t-dialin.net with local
 (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Mon, 14 Mar 2011 22:13:41 +0100
From: Rudolf Deilmann <rudolf.deilmann@gmail.com>
Date: Mon, 14 Mar 2011 22:13:29 +0100
Message-ID: <20110314221329.19d588ea@gmail.com>
References: <4D7E53E5.3040007@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.3.0-rc1 (test release
	candidate)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Mon, 14 Mar 2011 18:44:05 +0100
Milan Broz <mbroz@redhat.com> wrote:
> p.s. Please let me know if you tested crypto backend support
> or loop-AES compatibility mode (and report problems, if there is
> any:-)

Thanks for your work, Milan.

I've tried to open some old loop-AES partitions with this version and
kernel 2.6.38-rc8. It basically seems to work (however, it seems to be
slower than original loop-aes as your comment regarding speed suggests)

Two notes:

1) Keyfile handling

The following didn't work with one keyfile:

cryptsetup --key-file /path/keyfile -s 256 loopaesOpen <device> <name>

but this did work:

cat /path/keyfile | \\
  cryptsetup --key-file - -s 256 loopaesOpen <device> <name> 


I didn't have this problem with another keyfile.


2) Offset, skip and sizelimit support

It was common to store the gpg-keyfile in the head of an partition. See
for example http://loop-aes.sourceforge.net/aespipe.README: 

---
3.3. Example 3 - Encrypted CD-ROM
[...]
mount -t iso9660 /dev/cdrom /cdrom -o
loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192 
---

I was able to open such a partition with plain dmsetup; 'cryptsetup
loopaesOpen' didn't work because '--size','--skip' and '--offset' are
not supported. Perhaps you could add support for these switches to
loopaesOpen; the necessary changes in cryptsetup seems trivial.
( '--offset' - but not '--skip' - is already mentioned in the manpage
as a supported option for loopaesOpen )

mfg,
 Rudi