Re: [dm-crypt] dm-crypt / LUKS FAQ monthly posting

[markus reichelt <ml@mareichelt.com>]

[-- Attachment #1: Type: text/plain, Size: 1482 bytes --]

* Arno Wagner <arno@wagner.name> wrote:

>   * How can I use cryptsetup to mount loop-AES encrypted devices?
> 
>   (By ttsiodras) With these commands: 
>       sh# losetup /dev/loop0 /path/to/whatever/file/or/volume
>       sh# cryptsetup -c aes-plain -h sha512 create crypted /dev/loop0
>       Enter passphrase:
>       sh# mount /dev/mapper/crypted /mnt/heaven
>  
>   The above work for aes256 - for aes128, use "sha256".

Wth...

The user who submitted that must have been hiding under a rock quite
some time. At best, the mentioned foo works for single-key loop-AES
images. That's ancient, and since ages not even slightly a
recommended loop-AES usage. Maybe he can comment on that madness?

loop-AES.README has been clearly stating for years that a multi-key
setup has to be used, namely v3. An example /etc/fstab entry:

/dev/sda666 /mnt666 ext3 /defaults,noauto,loop=/dev/loop3,encryption=AES128,gpgkey=/keyfile.gpg 0

The correct line to unlock the listed volume via losetup is done via

losetup -F /dev/loop3

I sincerely doubt current stock dm-crypt is able to mount multi-key
loop-AES volumes. (Maybe someone using both can shed light on this in
more detail, I might have missed the integration of that patch
mentioned below)

Full access support for multi-key loop-AES volumes might evolve from
the work of Max Vozeler, first patch available at:

http://www.spinics.net/lists/crypto/msg04952.html


-- 
left blank, right bald

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]