* how the key is generated?
@ 2010-01-26 8:41 Bai Shuwei
2010-01-26 8:58 ` Milan Broz
0 siblings, 1 reply; 4+ messages in thread
From: Bai Shuwei @ 2010-01-26 8:41 UTC (permalink / raw)
To: linux-crypto
Hello, everyone:
i add one line in the setkey function which is in xts.c file to
print the in_key value. I find the key value not same i set in the
keyfile by cryptsetup
my command is
# cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0
# cat my_keyfile
1234567890abcdef1234567890abcdef
I want to know how i set my key to encrypt/decrypt the disc for
xts-aes and aes alogrithm? And how the crypto get the real key to
encrypt the disc or how the key printed in the setkey is genereted and
when? Thanks very much!
Best Regards
Bai Shuwei
--
Love other people, as same as love yourself!
Don't think all the time, do it by your hands!
E-Mail: baishuwei@gmail.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: how the key is generated?
2010-01-26 8:41 how the key is generated? Bai Shuwei
@ 2010-01-26 8:58 ` Milan Broz
2010-01-27 3:21 ` Bai Shuwei
0 siblings, 1 reply; 4+ messages in thread
From: Milan Broz @ 2010-01-26 8:58 UTC (permalink / raw)
To: Bai Shuwei; +Cc: linux-crypto
On 01/26/2010 09:41 AM, Bai Shuwei wrote:
> Hello, everyone:
> i add one line in the setkey function which is in xts.c file to
> print the in_key value. I find the key value not same i set in the
> keyfile by cryptsetup
>
> my command is
> # cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0
-d is key file for key slot (passphrase), volume (master) key for encryption
is generated using RNG during luksFormat inside cryptsetup.
You can use pre-generated master key using --master-key-file in cryptsetup 1.1.x
(but note it reads raw input, not hexa encoding). See man page.
You do not need to modify xts.c btw, try "dmsetup table --showkeys" for active
dm-crypt mappings to show used volume key.
(and also better use dm-crypt@saout.de mailing list for questions related to
userspace cryptsetup)
Milan
--
mbroz@redhat.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: how the key is generated?
2010-01-26 8:58 ` Milan Broz
@ 2010-01-27 3:21 ` Bai Shuwei
2010-01-27 8:21 ` Milan Broz
0 siblings, 1 reply; 4+ messages in thread
From: Bai Shuwei @ 2010-01-27 3:21 UTC (permalink / raw)
To: Milan Broz; +Cc: linux-crypto
On Tue, Jan 26, 2010 at 4:58 PM, Milan Broz <mbroz@redhat.com> wrote:
> On 01/26/2010 09:41 AM, Bai Shuwei wrote:
>> Hello, everyone:
>> i add one line in the setkey function which is in xts.c file to
>> print the in_key value. I find the key value not same i set in the
>> keyfile by cryptsetup
>>
>> my command is
>> # cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0
>
> -d is key file for key slot (passphrase), volume (master) key for encryption
> is generated using RNG during luksFormat inside cryptsetup.
>
> You can use pre-generated master key using --master-key-file in cryptsetup 1.1.x
> (but note it reads raw input, not hexa encoding). See man page.
>
> You do not need to modify xts.c btw, try "dmsetup table --showkeys" for active
> dm-crypt mappings to show used volume key.
>
> (and also better use dm-crypt@saout.de mailing list for questions related to
> userspace cryptsetup)
>
> Milan
> --
> mbroz@redhat.com
>
Hi, thanks Milan firstly!
I use "dmsetup table --showkeys" get the bellow information.
disk$ sudo dmsetup table --showkeys /dev/mapper/dsi0
0 2040 crypt aes-xts-plain
3131313131313131313131313131313131313131313131313131313131313131 0 7:0
2056
If i forget the passphase, can i use the above information/key to
recovery my disk?
Best Regards
Bai Shuwei
--
Love other people, as same as love yourself!
Don't think all the time, do it by your hands!
E-Mail: baishuwei@gmail.com
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: how the key is generated?
2010-01-27 3:21 ` Bai Shuwei
@ 2010-01-27 8:21 ` Milan Broz
0 siblings, 0 replies; 4+ messages in thread
From: Milan Broz @ 2010-01-27 8:21 UTC (permalink / raw)
To: Bai Shuwei; +Cc: linux-crypto
On 01/27/2010 04:21 AM, Bai Shuwei wrote:
> On Tue, Jan 26, 2010 at 4:58 PM, Milan Broz <mbroz@redhat.com> wrote:
> I use "dmsetup table --showkeys" get the bellow information.
>
> disk$ sudo dmsetup table --showkeys /dev/mapper/dsi0
> 0 2040 crypt aes-xts-plain
> 3131313131313131313131313131313131313131313131313131313131313131 0 7:0
> 2056
>
> If i forget the passphase, can i use the above information/key to
> recovery my disk?
yes, if you know mapping table (iow: key, cipher and mode,
IV and device offset), you can map this device directly using dmsetup.
(try dmsetup create dsi0 --table "0 2040 crypt .... 7:0 2056")
Anyway, you can better backup LUKS header and use some other passphrase,
there is also volume_key project, which implements key escrow (for cryptsetup too).
Milan
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-01-27 8:21 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-01-26 8:41 how the key is generated? Bai Shuwei
2010-01-26 8:58 ` Milan Broz
2010-01-27 3:21 ` Bai Shuwei
2010-01-27 8:21 ` Milan Broz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.