aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorMilan Broz <mbroz@redhat.com>2008-04-24 17:11:03 -0400
committerAlasdair G Kergon <agk@redhat.com>2008-04-25 08:27:03 -0400
commite3dcc5a387fc38e9c3c6c4f857cd9a7f71a8553a (patch)
tree8e257d211df10bdc750ddb2e749f7f735dfcc740 /Documentation
parentcf13ab8e02d452e2236d0b5fda9972b3b7f503cb (diff)
dm crypt: add documentation
Add description of dm-crypt to device-mapper documentation. Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/device-mapper/dm-crypt.txt52
1 files changed, 52 insertions, 0 deletions
diff --git a/Documentation/device-mapper/dm-crypt.txt b/Documentation/device-mapper/dm-crypt.txt
new file mode 100644
index 000000000000..6680cab2c705
--- /dev/null
+++ b/Documentation/device-mapper/dm-crypt.txt
@@ -0,0 +1,52 @@
1dm-crypt
2=========
3
4Device-Mapper's "crypt" target provides transparent encryption of block devices
5using the kernel crypto API.
6
7Parameters: <cipher> <key> <iv_offset> <device path> <offset>
8
9<cipher>
10 Encryption cipher and an optional IV generation mode.
11 (In format cipher-chainmode-ivopts:ivmode).
12 Examples:
13 des
14 aes-cbc-essiv:sha256
15 twofish-ecb
16
17 /proc/crypto contains supported crypto modes
18
19<key>
20 Key used for encryption. It is encoded as a hexadecimal number.
21 You can only use key sizes that are valid for the selected cipher.
22
23<iv_offset>
24 The IV offset is a sector count that is added to the sector number
25 before creating the IV.
26
27<device path>
28 This is the device that is going to be used as backend and contains the
29 encrypted data. You can specify it as a path like /dev/xxx or a device
30 number <major>:<minor>.
31
32<offset>
33 Starting sector within the device where the encrypted data begins.
34
35Example scripts
36===============
37LUKS (Linux Unified Key Setup) is now the preferred way to set up disk
38encryption with dm-crypt using the 'cryptsetup' utility, see
39http://luks.endorphin.org/
40
41[[
42#!/bin/sh
43# Create a crypt device using dmsetup
44dmsetup create crypt1 --table "0 `blockdev --getsize $1` crypt aes-cbc-essiv:sha256 babebabebabebabebabebabebabebabe 0 $1 0"
45]]
46
47[[
48#!/bin/sh
49# Create a crypt device using cryptsetup and LUKS header with default cipher
50cryptsetup luksFormat $1
51cryptsetup luksOpen $1 crypt1
52]]