[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse-factory
Subject: [opensuse-factory] no luck with luks
From: Hans Witvliet <hwit () a-domani ! nl>
Date: 2006-12-20 8:14:16
Message-ID: 1166602456.6698.10.camel () mail ! local
[Download RAW message or body]
Just tried to replay an example from the net with luks under 10.2,
without success.
According to the aricle "Datan verschlussen mit dm-crypt fur Linux"
from 11 december 2006 (rather up-to-date, I thought)
i should do:
dd if=/dev/zero of=crypt.img bs=1M count=100
shred -n 1 crypt.img
losetup /dev/loop0 crypt.img
cryptsetup luksFormat -c aes-cbc-essiv:sh256 -s 256 -y /dev/loop0
According to the man-page of cryptsetup that should be ok.
cryptset up however fails with:
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sh256 cipher spec and
verify that /dev/loop0 contains at least 258 sectors.
Failed to write to key storage.
Well, crypt.img is large enough (100MB) in this example.
A quick glance in /proc showed:
# zcat /proc/config.gz |grep -i aes
CONFIG_RADIO_MAESTRO=m
CONFIG_SND_MAESTRO3=m
CONFIG_CRYPTO_AES=m
CONFIG_CRYPTO_AES_586=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=y
And a deeper look in /usr/src/linux (default 10.2GM kernel) showed
config 10.2 kernel:
* Cryptographic options
*
Cryptographic API (CRYPTO) [Y/?] y
HMAC support (CRYPTO_HMAC) [Y/?] y
Null algorithms (CRYPTO_NULL) [M/n/y/?] m
MD4 digest algorithm (CRYPTO_MD4) [M/n/y/?] m
MD5 digest algorithm (CRYPTO_MD5) [M/y/?] m
SHA1 digest algorithm (CRYPTO_SHA1) [M/y/?] m
SHA256 digest algorithm (CRYPTO_SHA256) [M/n/y/?] m
SHA384 and SHA512 digest algorithms (CRYPTO_SHA512) [M/n/y/?] m
Whirlpool digest algorithms (CRYPTO_WP512) [M/n/y/?] m
Tiger digest algorithms (CRYPTO_TGR192) [M/n/y/?] m
DES and Triple DES EDE cipher algorithms (CRYPTO_DES) [M/y/?] m
Blowfish cipher algorithm (CRYPTO_BLOWFISH) [M/n/y/?] m
Twofish cipher algorithm (CRYPTO_TWOFISH) [M/n/y/?] m
Serpent cipher algorithm (CRYPTO_SERPENT) [M/n/y/?] m
AES cipher algorithms (CRYPTO_AES) [M/y/?] m
AES cipher algorithms (i586) (CRYPTO_AES_586) [M/n/y/?] m
CAST5 (CAST-128) cipher algorithm (CRYPTO_CAST5) [M/y/?] m
CAST6 (CAST-256) cipher algorithm (CRYPTO_CAST6) [M/n/y/?] m
TEA, XTEA and XETA cipher algorithms (CRYPTO_TEA) [M/n/y/?] m
ARC4 cipher algorithm (CRYPTO_ARC4) [M/y/?] m
Khazad cipher algorithm (CRYPTO_KHAZAD) [M/n/y/?] m
Anubis cipher algorithm (CRYPTO_ANUBIS) [M/n/y/?] m
Deflate compression algorithm (CRYPTO_DEFLATE) [M/y/?] m
Michael MIC keyed digest algorithm (CRYPTO_MICHAEL_MIC) [M/y/?] m
CRC32c CRC algorithm (CRYPTO_CRC32C) [M/y/?] m
Testing module (CRYPTO_TEST) [M/n/?] m
So what am i misssing?
All available crypto parts are build as modules.
Where should i check for:
"Check kernel for support for the aes-cbc-essiv:sh256 cipher spec"
(Not tried it yet on older machines, but will do)
Hans
--
pgp-id: 926EBB12
pgp-fingerprint: BE97 1CBF FAC4 236C 4A73 F76E EDFC D032 926E BB12
Registered linux user: 75761 (http://counter.li.org)
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic