diff options
author | Milan Broz <mbroz@redhat.com> | 2008-04-24 17:11:03 -0400 |
---|---|---|
committer | Alasdair G Kergon <agk@redhat.com> | 2008-04-25 08:27:03 -0400 |
commit | e3dcc5a387fc38e9c3c6c4f857cd9a7f71a8553a (patch) | |
tree | 8e257d211df10bdc750ddb2e749f7f735dfcc740 /Documentation | |
parent | cf13ab8e02d452e2236d0b5fda9972b3b7f503cb (diff) |
dm crypt: add documentation
Add description of dm-crypt to device-mapper documentation.
Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/device-mapper/dm-crypt.txt | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/Documentation/device-mapper/dm-crypt.txt b/Documentation/device-mapper/dm-crypt.txt new file mode 100644 index 000000000000..6680cab2c705 --- /dev/null +++ b/Documentation/device-mapper/dm-crypt.txt | |||
@@ -0,0 +1,52 @@ | |||
1 | dm-crypt | ||
2 | ========= | ||
3 | |||
4 | Device-Mapper's "crypt" target provides transparent encryption of block devices | ||
5 | using the kernel crypto API. | ||
6 | |||
7 | Parameters: <cipher> <key> <iv_offset> <device path> <offset> | ||
8 | |||
9 | <cipher> | ||
10 | Encryption cipher and an optional IV generation mode. | ||
11 | (In format cipher-chainmode-ivopts:ivmode). | ||
12 | Examples: | ||
13 | des | ||
14 | aes-cbc-essiv:sha256 | ||
15 | twofish-ecb | ||
16 | |||
17 | /proc/crypto contains supported crypto modes | ||
18 | |||
19 | <key> | ||
20 | Key used for encryption. It is encoded as a hexadecimal number. | ||
21 | You can only use key sizes that are valid for the selected cipher. | ||
22 | |||
23 | <iv_offset> | ||
24 | The IV offset is a sector count that is added to the sector number | ||
25 | before creating the IV. | ||
26 | |||
27 | <device path> | ||
28 | This is the device that is going to be used as backend and contains the | ||
29 | encrypted data. You can specify it as a path like /dev/xxx or a device | ||
30 | number <major>:<minor>. | ||
31 | |||
32 | <offset> | ||
33 | Starting sector within the device where the encrypted data begins. | ||
34 | |||
35 | Example scripts | ||
36 | =============== | ||
37 | LUKS (Linux Unified Key Setup) is now the preferred way to set up disk | ||
38 | encryption with dm-crypt using the 'cryptsetup' utility, see | ||
39 | http://luks.endorphin.org/ | ||
40 | |||
41 | [[ | ||
42 | #!/bin/sh | ||
43 | # Create a crypt device using dmsetup | ||
44 | dmsetup create crypt1 --table "0 `blockdev --getsize $1` crypt aes-cbc-essiv:sha256 babebabebabebabebabebabebabebabe 0 $1 0" | ||
45 | ]] | ||
46 | |||
47 | [[ | ||
48 | #!/bin/sh | ||
49 | # Create a crypt device using cryptsetup and LUKS header with default cipher | ||
50 | cryptsetup luksFormat $1 | ||
51 | cryptsetup luksOpen $1 crypt1 | ||
52 | ]] | ||