From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id eqk4jKXgqIDh for <dm-crypt@saout.de>;
 Tue, 18 Sep 2012 09:47:04 +0200 (CEST)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Tue, 18 Sep 2012 09:47:04 +0200 (CEST)
Received: by wgbdr13 with SMTP id dr13so6579655wgb.1
 for <dm-crypt@saout.de>; Tue, 18 Sep 2012 00:47:04 -0700 (PDT)
Message-ID: <505826F5.4010805@gmail.com>
Date: Tue, 18 Sep 2012 09:47:01 +0200
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <k2vpn4$96e$1@ger.gmane.org> <50581FCC.3090504@suse.de>
In-Reply-To: <50581FCC.3090504@suse.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Migrating from loop AES to dm-crypt
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Ludwig Nussel <ludwig.nussel@suse.de>
Cc: dm-crypt@saout.de, Nick Battle <nick.battle@gmail.com>

On 09/18/2012 09:16 AM, Ludwig Nussel wrote:
> Nick Battle wrote:
>> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
>> mount and losetup do not have the file encryption options they used to, since
>> everyone should have migrated to dm-crypt. The trouble is, I now have some
>> encrypted backup volumes that I cannot read!
>>
>> I used to mount the archives with:
>>
>> 	mount ... -o loop,phash=sha256,encryption=aes128
>>
>> It looks like I should be using the loopaesOpen option to cryptsetup to mount
>> these now, but I cannot find a combination of options that works. I'm trying the
>> following:
>>
>> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
>> sha256 -c aes-cbc-plain
> 
> IIRC loopaesOpen is for the multi key mode of newer loop aes. The crypto
> patches we had in openSUSE were based on a loop aes from a decade ago
> which didn't do anything fancy yet. So standard 'create' should work
> just fine with the parameters you figured out already. See also
> http://en.opensuse.org/SDB:Encrypted_filesystems#aes_cryptoloop_image

loopaesOpen can open all loop-AES variations (including multikey) and
it should automatically select proper mode according to number of lines (keys)
in keyfile. So only keysize and hash parameters needed (only if not default,
see cryptsetup --help for default).

Anyway, I promised that there should be some FAQ item about losetup
replacement parameters, So I'll try to prepare something....

Milan