I've been struggling with it for a while and finally found the solution. I was using cryptoloop in Lenny and needed to migrate to Squeeze, from which cryptoloop is removed. The tutorials tell me to just use cryptsetup, but none of them mentions one important detail.
From the dm-crypt page:
The defaults [for cryptsetup] are aes with a 256 bit key, hashed using ripemd160. [...]
Migration from cryptoloop and compatibility
[...]
You'll need to figure out how your passphrase was turned into a key to use for losetup. [...]
That last one turned out to be very sound advice. My losetup man page says in the section about the -e (encryption) option:
AES128 AESUse 128 bit AES encryption. Passphrase is hashed with SHA-256 by default.
Aaaaaah... so that was why the decryption wasn't correctly giving a mountable volume. Ok, there's a -h option to select the hash, and a -s option to select the cipher's block size which I already was using. Putting all together:
cryptsetup create -c aes -s 128 -h sha256 mappername devicename
finally did the trick and I could mount my encrypted device. The whole recipe to substitute mount -o loop,encryption=AES file mountpoint was:
modprobe dm-mod losetup -f # outputs /dev/loopX to be used below losetup /dev/loopX file cryptsetup create -c aes -s 128 -h sha256 mappername /dev/loopX mount /dev/mapper/mappername mountpoint
No comments:
Post a Comment