2010-01-26 08:41:39

by Bai Shuwei

Subject: how the key is generated?

Hello, everyone:
I added one line in the setkey function, which is in the xts.c file, to
print the in_key value. I find the key value is not the same as the one I set in the
keyfile by cryptsetup.

My command is
# cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0

# cat my_keyfile
1234567890abcdef1234567890abcdef


I want to know how I set my key to encrypt/decrypt the disc for the
xts-aes and aes algorithms? And how does the crypto get the real key to
encrypt the disc, or how is the key printed in setkey generated, and
when? Thanks very much!

Best Regards

Bai Shuwei

--
Love other people, as same as love yourself!
Don't think all the time, do it by your hands!

E-Mail: [email protected]


2010-01-26 08:58:27

by Milan Broz

Subject: Re: how the key is generated?

On 01/26/2010 09:41 AM, Bai Shuwei wrote:
> Hello, everyone:
> I added one line in the setkey function, which is in the xts.c file, to
> print the in_key value. I find the key value is not the same as the one I set in the
> keyfile by cryptsetup.
>
> My command is
> # cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0

-d is key file for key slot (passphrase), volume (master) key for encryption
is generated using RNG during luksFormat inside cryptsetup.

You can use pre-generated master key using --master-key-file in cryptsetup 1.1.x
(but note it reads raw input, not hexa encoding). See man page.

You do not need to modify xts.c btw, try "dmsetup table --showkeys" for active
dm-crypt mappings to show used volume key.

(and also better use [email protected] mailing list for questions related to
userspace cryptsetup)

Milan
--
[email protected]

2010-01-27 03:21:12

by Bai Shuwei

Subject: Re: how the key is generated?

On Tue, Jan 26, 2010 at 4:58 PM, Milan Broz <[email protected]> wrote:
> On 01/26/2010 09:41 AM, Bai Shuwei wrote:
>> Hello, everyone:
>> I added one line in the setkey function, which is in the xts.c file, to
>> print the in_key value. I find the key value is not the same as the one I set in the
>> keyfile by cryptsetup.
>>
>> My command is
>> # cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0
>
> -d is key file for key slot (passphrase), volume (master) key for encryption
> is generated using RNG during luksFormat inside cryptsetup.
>
> You can use pre-generated master key using --master-key-file in cryptsetup 1.1.x
> (but note it reads raw input, not hexa encoding). See man page.
>
> You do not need to modify xts.c btw, try "dmsetup table --showkeys" for active
> dm-crypt mappings to show used volume key.
>
> (and also better use [email protected] mailing list for questions related to
> userspace cryptsetup)
>
> Milan
> --
> [email protected]
>

Hi, thanks Milan firstly!
I used "dmsetup table --showkeys" to get the information below.

disk$ sudo dmsetup table --showkeys /dev/mapper/dsi0
0 2040 crypt aes-xts-plain
3131313131313131313131313131313131313131313131313131313131313131 0 7:0
2056

If I forget the passphrase, can I use the above information/key to
recover my disk?

Best Regards

Bai Shuwei


--
Love other people, as same as love yourself!
Don't think all the time, do it by your hands!

E-Mail: [email protected]

2010-01-27 08:21:05

by Milan Broz

Subject: Re: how the key is generated?

On 01/27/2010 04:21 AM, Bai Shuwei wrote:
> On Tue, Jan 26, 2010 at 4:58 PM, Milan Broz <[email protected]> wrote:
> I used "dmsetup table --showkeys" to get the information below.
>
> disk$ sudo dmsetup table --showkeys /dev/mapper/dsi0
> 0 2040 crypt aes-xts-plain
> 3131313131313131313131313131313131313131313131313131313131313131 0 7:0
> 2056
>
> If I forget the passphrase, can I use the above information/key to
> recover my disk?

yes, if you know mapping table (iow: key, cipher and mode,
IV and device offset), you can map this device directly using dmsetup.
(try dmsetup create dsi0 --table "0 2040 crypt .... 7:0 2056")

Anyway, you can better backup LUKS header and use some other passphrase,
there is also volume_key project, which implements key escrow (for cryptsetup too).

Milan
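
The two points in Milan's replies (a master key file is read as raw bytes, not hex, and the dm-crypt table line carries the volume key in hex) can be checked offline with the following added example, which is not part of the original thread or of cryptsetup. The function names are hypothetical, the sample line is constructed from the output posted above, and the field order assumed is `<start> <length> crypt <cipher> <key> <iv_offset> <device> <offset>`.

```python
from typing import NamedTuple

# Constructed sample: the table posted in the thread, wrapped the way the mail shows it.
SAMPLE = "0 2040 crypt aes-xts-plain\n" + "31" * 32 + " 0 7:0\n2056"

class CryptTable(NamedTuple):
    start: int       # first sector of the mapping
    length: int      # mapping length in 512-byte sectors
    cipher: str      # cipher-mode-iv specification
    key: bytes       # volume (master) key, decoded from its hex form
    iv_offset: int   # value added to the sector number when computing the IV
    device: str      # backing device (major:minor or path)
    offset: int      # sector on the backing device where encrypted data starts

def parse_crypt_table(text: str) -> CryptTable:
    """Parse one dm-crypt table line as printed by 'dmsetup table --showkeys'."""
    f = text.split()  # split() also rejoins output wrapped across lines
    if len(f) < 8 or f[2] != "crypt":
        raise ValueError("not a dm-crypt table line")
    return CryptTable(int(f[0]), int(f[1]), f[3], bytes.fromhex(f[4]),
                      int(f[5]), f[6], int(f[7]))

def table_line(t: CryptTable, show_key: bool = False) -> str:
    """Rebuild the table string; the key field is zeroed unless show_key is set."""
    key = t.key.hex() if show_key else "0" * (2 * len(t.key))
    return (f"{t.start} {t.length} crypt {t.cipher} {key} "
            f"{t.iv_offset} {t.device} {t.offset}")

def key_from_file(content: bytes, bits: int, hex_encoded: bool = False) -> bytes:
    """Interpret key-file content as raw bytes (the behaviour Milan describes)
    or, for contrast, as hex text. Assumes the file holds exactly the key."""
    key = bytes.fromhex(content.decode("ascii")) if hex_encoded else content
    if len(key) * 8 != bits:
        raise ValueError(f"key is {len(key) * 8} bits, expected {bits}")
    return key

if __name__ == "__main__":
    t = parse_crypt_table(SAMPLE)
    print(len(t.key) * 8, "bit key, as ASCII:", t.key.decode("ascii"))
    print(table_line(t))  # key zeroed, suitable for pasting into a report
    raw = key_from_file(b"1234567890abcdef1234567890abcdef", 256)
    print("raw reading of the 32-character file:", raw.hex())
```

Read as raw bytes, the 32-character file from the first message is a full 256-bit key; read as hex it would be only 128 bits and fail the `-s 256` length check.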