Re: [dm-crypt] Migrating from loop AES to dm-crypt

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: Ludwig Nussel <ludwig.nussel@suse.de>
Cc: dm-crypt@saout.de, Nick Battle <nick.battle@gmail.com>
Subject: Re: [dm-crypt] Migrating from loop AES to dm-crypt
Date: Tue, 18 Sep 2012 09:47:01 +0200	[thread overview]
Message-ID: <505826F5.4010805@gmail.com> (raw)
In-Reply-To: <50581FCC.3090504@suse.de>

On 09/18/2012 09:16 AM, Ludwig Nussel wrote:
> Nick Battle wrote:
>> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
>> mount and losetup do not have the file encryption options they used to, since
>> everyone should have migrated to dm-crypt. The trouble is, I now have some
>> encrypted backup volumes that I cannot read!
>>
>> I used to mount the archives with:
>>
>> 	mount ... -o loop,phash=sha256,encryption=aes128
>>
>> It looks like I should be using the loopaesOpen option to cryptsetup to mount
>> these now, but I cannot find a combination of options that works. I'm trying the
>> following:
>>
>> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
>> sha256 -c aes-cbc-plain
> 
> IIRC loopaesOpen is for the multi key mode of newer loop aes. The crypto
> patches we had in openSUSE were based on a loop aes from a decade ago
> which didn't do anything fancy yet. So standard 'create' should work
> just fine with the parameters you figured out already. See also
> http://en.opensuse.org/SDB:Encrypted_filesystems#aes_cryptoloop_image

loopaesOpen can open all loop-AES variations (including multikey) and
it should automatically select proper mode according to number of lines (keys)
in keyfile. So only keysize and hash parameters needed (only if not default,
see cryptsetup --help for default).

Anyway, I promised that there should be some FAQ item about losetup
replacement parameters, So I'll try to prepare something....

Milan

next prev parent reply	other threads:[~2012-09-18  7:47 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-09-14 17:35 [dm-crypt] Migrating from loop AES to dm-crypt Nick Battle
2012-09-14 18:00 ` Arno Wagner
2012-09-14 20:08   ` Nick Battle
2012-09-15 12:04 ` Matthias Schniedermeyer
2012-09-18  7:16 ` Ludwig Nussel
2012-09-18  7:47   ` Milan Broz [this message]
2012-09-18 21:03     ` Nick Battle
2012-09-18 21:32       ` Arno Wagner
2012-09-19 18:07         ` Nick Battle

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=505826F5.4010805@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=dm-crypt@saout.de \
    --cc=ludwig.nussel@suse.de \
    --cc=nick.battle@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.