- default=1024,
- )
- # The size of the key is defined in bits, so we must transform that
- # value to bytes (dividing by 8) because we read in bytes, not bits
- random_string = os.urandom(dmcrypt_key_size / 8)
+ default='512')
+
+ if key_size not in ['256', '512']:
+ logger.warning(("Invalid value set for osd_dmcrypt_key_size ({}). "
+ "Falling back to {}bits".format(key_size, default_key_size)))
+ return default_key_size
+
+ return key_size
+
+def create_dmcrypt_key():
+ """
+ Create the secret dm-crypt key (KEK) used to encrypt/decrypt the Volume Key.
+ """
+ random_string = os.urandom(128)