]>
Commit | Line | Data |
---|---|---|
e3dcc5a3 MB |
1 | dm-crypt |
2 | ========= | |
3 | ||
4 | Device-Mapper's "crypt" target provides transparent encryption of block devices | |
5 | using the kernel crypto API. | |
6 | ||
7 | Parameters: <cipher> <key> <iv_offset> <device path> <offset> | |
8 | ||
9 | <cipher> | |
10 | Encryption cipher and an optional IV generation mode. | |
11 | (In format cipher-chainmode-ivopts:ivmode). | |
12 | Examples: | |
13 | des | |
14 | aes-cbc-essiv:sha256 | |
15 | twofish-ecb | |
16 | ||
17 | /proc/crypto contains supported crypto modes | |
18 | ||
19 | <key> | |
20 | Key used for encryption. It is encoded as a hexadecimal number. | |
21 | You can only use key sizes that are valid for the selected cipher. | |
22 | ||
23 | <iv_offset> | |
24 | The IV offset is a sector count that is added to the sector number | |
25 | before creating the IV. | |
26 | ||
27 | <device path> | |
28 | This is the device that is going to be used as backend and contains the | |
29 | encrypted data. You can specify it as a path like /dev/xxx or a device | |
30 | number <major>:<minor>. | |
31 | ||
32 | <offset> | |
33 | Starting sector within the device where the encrypted data begins. | |
34 | ||
35 | Example scripts | |
36 | =============== | |
37 | LUKS (Linux Unified Key Setup) is now the preferred way to set up disk | |
38 | encryption with dm-crypt using the 'cryptsetup' utility, see | |
0ea6e611 | 39 | http://clemens.endorphin.org/cryptography |
e3dcc5a3 MB |
40 | |
41 | [[ | |
42 | #!/bin/sh | |
43 | # Create a crypt device using dmsetup | |
44 | dmsetup create crypt1 --table "0 `blockdev --getsize $1` crypt aes-cbc-essiv:sha256 babebabebabebabebabebabebabebabe 0 $1 0" | |
45 | ]] | |
46 | ||
47 | [[ | |
48 | #!/bin/sh | |
49 | # Create a crypt device using cryptsetup and LUKS header with default cipher | |
50 | cryptsetup luksFormat $1 | |
51 | cryptsetup luksOpen $1 crypt1 | |
52 | ]] |