From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from vpn.antaris-organics.com (vpn.antaris-organics.com [77.74.199.76]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Fri, 2 Jul 2010 21:06:31 +0200 (CEST) Date: Fri, 2 Jul 2010 21:06:34 +0200 From: markus reichelt Message-ID: <20100702190634.GC5931@pc21.mareichelt.com> References: <20100702000449.GA31397@tansi.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="hYooF8G/hrfVAmum" Content-Disposition: inline In-Reply-To: <20100702000449.GA31397@tansi.org> Subject: Re: [dm-crypt] dm-crypt / LUKS FAQ monthly posting List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --hYooF8G/hrfVAmum Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Arno Wagner wrote: > * How can I use cryptsetup to mount loop-AES encrypted devices? >=20 > (By ttsiodras) With these commands:=20 > sh# losetup /dev/loop0 /path/to/whatever/file/or/volume > sh# cryptsetup -c aes-plain -h sha512 create crypted /dev/loop0 > Enter passphrase: > sh# mount /dev/mapper/crypted /mnt/heaven > =20 > The above work for aes256 - for aes128, use "sha256". Wth... The user who submitted that must have been hiding under a rock quite some time. At best, the mentioned foo works for single-key loop-AES images. That's ancient, and since ages not even slightly a recommended loop-AES usage. Maybe he can comment on that madness? loop-AES.README has been clearly stating for years that a multi-key setup has to be used, namely v3. An example /etc/fstab entry: /dev/sda666 /mnt666 ext3 /defaults,noauto,loop=3D/dev/loop3,encryption=3DAE= S128,gpgkey=3D/keyfile.gpg 0 The correct line to unlock the listed volume via losetup is done via losetup -F /dev/loop3 I sincerely doubt current stock dm-crypt is able to mount multi-key loop-AES volumes. (Maybe someone using both can shed light on this in more detail, I might have missed the integration of that patch mentioned below) Full access support for multi-key loop-AES volumes might evolve from the work of Max Vozeler, first patch available at: http://www.spinics.net/lists/crypto/msg04952.html --=20 left blank, right bald --hYooF8G/hrfVAmum Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJMLji5AAoJEMImmhyPL9kTNR8P/R4PFZ6+Xu3DfnkVckUhNvI5 G5A2U4LoIRM+ZJrMuFj3EDFXUphOgyuJMOTekrqM8SS98PZQy88/K2cPgS4sJw6e DlnWtNReItpd5yOg62GGJSsRfDhSBspBodb8apTcqpFv7JDcFLYKHct4yCj1fyYU lmLBIjeUJ9P8Z2MN8DO5+wl/aapkiEytuSir6IGOgbyBiZPONIaYjH9LoxrpWk3+ s9OeHJsRALPhFrJg9tpKitsXWNJW/YEa6IIm3mTY9N4JurTfpowgsjRYhV83UF3J NW72U751I3S/nIp5KQlOJuqc/kDhnDLPjuM4xA6YPrZx17IAQPuGU1kCEVE5P+On Lg1UVJ3PpiSO4ss7ANVXiLoSFClhb8zeWwBrQkDyeEnyGhoruGxvGooikH3c5R+Y mwbNQHGmTUZl20n/m95Iso6XgBPWcVmBGJeHXyUcQUAKpm2eXtBtg/vIb/Snj3nb cIoZbMNt7Gp8UHW1Flx9FF/jDzfmv5JDB1g+gwliax6SjFIUCJ4zGTk56pjJCUPT mAC3YbTlr+6BrK2VK5wUxJ/MMWuJr0uL1NNnEibLEuZIBR5ZgmJrl1ndHG5pR9N0 0l/8r1sZ/vIUbU/2U+TbKKXLQfNah6q7s5zN0Kb2qyqA5j8GkzGC1q+xeLtTHLIY YVY8MzAVr9DuZ/7RysVh =K/Vq -----END PGP SIGNATURE----- --hYooF8G/hrfVAmum--