From: Bill Davidsen <davidsen@tmr.com>
To: Christophe Saout <christophe@saout.de>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: 2.6.3-mm1
Date: Thu, 19 Feb 2004 16:58:59 -0500
Message-ID: <403531A3.4000503@tmr.com>
In-Reply-To: <1qIn3-5yq-23@gated-at.bofh.it>

Christophe Saout wrote:
> On Wed, 18.02.2004 at 21:52, Brandon Low wrote:
>
>
>>I am just reading up on dm now, but correct me if I am wrong, I will
>>need to do losetup, dmcreate, mount in that order in order to use
>>dmcrypt on loop where with cryptoloop, I could just do "mount"... there
>>must be an easier way to handle this!
>
>
> You don't need to know everything about dm to set up encrypted devices.
>
> Basically dmsetup is something like losetup, only that it's much more
> flexible.
>
> To set up a device basically:
>
> echo 0 `blockdev --getsize /dev/bla` crypt <cipher> <key> 0 /dev/bla 0 |
> dmsetup create <newname>
>
> is enough. And it's just temporary, because no special tool has been
> written yet. dmsetup is the most low-level dm tool, mostly for
> developers. I've written a shell script named cryptsetup for the
> meantime, it asks for a passphrase and does all the magic you need.
>
> "cryptsetup create test /dev/hda5" will ask for a passphrase and set up
> /dev/mapper/test. Voila. "cryptsetup remove test" removes it and
> "cryptsetup status test" shows some status information.
>
> mount -o loop is basically a hack. mount uses parts of losetup to do an
> ioctl. The encryption support as mount argument is an additional patch.
> Even worse, some do passphrase hashing, some don't... it works but it's
> not a very clean solution either.
>
> BTW: dmsetup is NOT a big program. It has two parts: a libdevmapper.so
> in /lib and the dmsetup binary itself. Every part is 16k in size (if
> compiled statically into one binary it's just 27k), and it's still
> linked against glibc. If linked against dietlibc or klibc it would be
> even smaller. Nobody needs LVM tools or something. It's just a small
> client for the dm ioctl, just like losetup is a client for the loop
> ioctl.
>
> There are some plans to write a unified plugin based key management
> tool. You might want to have your key stored on a USB stick. Or
> encrypted in the first sector of your device and you want to unlock it
> using a password (so you can change your password without needing to
> reencrypt your data). This would be much more flexible than most of the
> crap floating around.
>
> So, you see. NO NEED TO PANIC. Cryptoloop won't disappear overnight.
> There will be some nice user interface. At the moment dm-crypt is
> only a *kernel implementation* and not meant to be used by every end
> user immediately. Nobody will force you to drop cryptoloop until there
> is a clean solution for everybody out there.

Could you give an example of the one line I put in /etc/fstab to replace
the one now which includes "noauto,user" so users can mount when they
need the secure data?

You *can* do that so you don't need to train users, give them special
permissions, or use privileged scripts or programs, right?