Google
  Web www.spinics.net

Re: Cryptoloop difference between Gentoo and SuSE Kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
Richard Hall wrote:
> Jari Ruusu wrote:
> >If you are using losetup and mount from loop-AES package, you can specify
> >mainline util-linux compatible key setup like this:
> >
> >  losetup -e AES256 -H unhashed2 -p 0 /dev/loop0 /dev/sdb1 </etc/backup/aes.key
> >                    ^^^^^^^^^^^^
> >
> >Or kerneli.org compatible key setup like this:
> >
> >  losetup -e AES256 -H rmd160 -p 0 /dev/loop0 /dev/sdb1 </etc/backup/aes.key
> >                    ^^^^^^^^^
> 
> I finally got it working by downloading the util-linux and util-linux
> cryptoloop patch from the gentoo mirror, compiling it on the suse system
> and running it from the compiled directory.   I don't know what the hell
> is done differently but something obviously is.

I downloaded util-linux-2.12b-cryptoapi-losetup.patch.bz2 from one gentoo
mirror, and that appears to be Ben Slusky's keygen patch. It is little bit
weird because it uses different key setup for interactive and
read-from-filedescriptor modes of operation. Interactive key setup appears
to be mainline util-linux compatible, but read-from-filedescriptor type key
setup reads up to 32 bytes of binary key material from file descriptor.

Anyway, I wrote small converter program that reads up to 32 bytes of binary
key material from stdin and writes out loop-AES unhashed1 password hash type
compatible password to stdout. Source for binary-key-remap-to-unhashed1
program is attached. It can be compiled like this:

  gcc -O2 -Wall binary-key-remap-to-unhashed1.c -o /usr/local/bin/binary-key-remap-to-unhashed1

And used like this (with loop-AES patched losetup and mount):

  cat /etc/backup/aes.key | binary-key-remap-to-unhashed1 128 | losetup -p 0 -e AES -H unhashed1 /dev/loop0 /dev/sdb1
                                                          ^^^                       ^^^^^^^^^^^^
                                        number of bits in key (128, 192 or 256)
Or:

  cat /etc/backup/aes.key | binary-key-remap-to-unhashed1 128 | mount -p 0 -t ext2 /dev/sdb1 /mnt -o encryption=AES,phash=unhashed1
                                                                                                                    ^^^^^^^^^^^^^^^
Or, if you want to change password, like this:

  cat /etc/backup/aes.key | binary-key-remap-to-unhashed1 128 | gpg --symmetric -a >/etc/fskey-sdb1.gpg
  mount -t ext2 /dev/sdb1 /mnt -o encryption=AES,phash=unhashed1,gpgkey=/etc/fskey-sdb1.gpg

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

Attachment: binary-key-remap-to-unhashed1.c.bz2
Description: Binary data

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: http://loop-aes.sourceforge.net/PGP-public-key.asc

iQCVAwUAQVGqwTMKg0M6Ig9RAQLRwQQAmT/ZzwPEhWZyuGdPvUiun4CrACn7WUm9
ejyycvauf2duY6NcOq5KxXqUnZSNl1U5VvRgEoTYuhXyvlQogHrJKyaSHZkUwUMW
HC6QWchRyz0ZTl06a5sL2liwre5HROTtmtD/eZpPcW+pu3NVgkVjrJbvUSOBq9Vs
Wv11CCY68X0=
=2gra
-----END PGP SIGNATURE-----

[Home]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]     [Network Security Reading]

Add to Google