Mailinglist Archive: opensuse-security (128 mails)

[opensuse-security] How does one convert from /etc/cryptotab to /etc/crypttab
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Thu, 29 Nov 2007 04:18:21 +0100 (CET)
  • Message-id: <alpine.LSU.0.9999.0711290402280.6385@xxxxxxxxxxxxxxxx>

Hi,

According to the release notes, I thought that /etc/cryptotab was to be converted to /etc/crypttab while upgrading 10.2 to 10.3, but it wasn't.


How do I do it?

The entry in /etc/cryptotab is this:

/dev/loop0 /dev/disk/by-id/ata-ST3320620A_5QF2M56F-part15 /cripta xfs twofish256 noatime,nodiratime


I see a man page for crypttab, which says that the lines should be:

<target device> <source device> <key file> <options>


But I don't see clearly. It says:

· The first column, target device specifies the mapped device
name. It must be a plain filename without any directories. A
mapped device /dev/mapper/device name will be created by
cryptsetup(8) crypting data from and onto the source device.
To actually mount that device it needs to be listed in
/etc/fstab.


I.e., is it an invented name? A non-existing name in /dev/mapper/? Like /dev/mapper/MyCrypto?

Then the line would be:

MyCrypto /dev/disk/by-id/ata-ST3320620A_5QF2M56F-part15 ....


Now, third field:

· The third column key file specifies the file to use for
decrypting the encrypted data of the source device. It can
also be a device name (e.g. /dev/urandom, which is useful for
encrypted swap devices). Warning: luks does not support
infinite streams (like /dev/urandom), it requires a fixed size
key.

Are they talking of the mount point? A file containing the passphrase? I believe the second.



· The fourth field options specifies the cryptsetup options
associated with the encryption process. At minimum, the field
should contain the string luks or the cipher, hash and size
options. Options have to be specified in the format:
key=value[,key=value ...]


Cipher, hash, size.... I have no idea how to relate this to the original remaining options:

... xfs twofish256 noatime,nodiratime



Is this supposed to be this way? I don't see how...


-- Cheers,
Carlos Robinson
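
The three column rules quoted from the crypttab man page in the message above, written as a small checker. This is an added example, not part of the original message or of any openSUSE tool. The function names, the sample lines and the key-file value `none` (crypttab's usual "no key file" entry, which the message does not mention) are assumptions, and the code does not derive cipher, hash or size values from a cryptotab entry.

```python
"""Check one /etc/crypttab line against the man-page rules quoted above."""

FIELDS = ("target", "source", "keyfile", "options")


def parse_options(text):
    """Split 'luks' or 'key=value[,key=value ...]' into a dict (flags map to True)."""
    opts = {}
    for item in filter(None, text.split(",")):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else True
    return opts


def check_crypttab_line(line):
    """Return (entry, problems) for a single non-comment crypttab line."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None, [f"expected {len(FIELDS)} columns, got {len(parts)}"]
    entry = dict(zip(FIELDS, parts))
    opts = entry["options"] = parse_options(entry["options"])
    problems = []

    # Column 1: plain filename, no directories; it becomes /dev/mapper/<target>.
    if "/" in entry["target"]:
        problems.append("target must be a plain name without directories")

    # Column 4: at minimum 'luks', or cipher, hash and size together.
    missing = [k for k in ("cipher", "hash", "size") if k not in opts]
    if "luks" not in opts and missing:
        problems.append("options need 'luks' or also: " + ",".join(missing))

    # Column 3: luks needs a fixed-size key, so an endless stream is rejected.
    if "luks" in opts and entry["keyfile"] in ("/dev/urandom", "/dev/random"):
        problems.append("luks cannot use an infinite stream as key file")
    return entry, problems


if __name__ == "__main__":
    # Constructed sample lines; the option values are placeholders, not advice.
    samples = [
        "MyCrypto /dev/disk/by-id/ata-ST3320620A_5QF2M56F-part15 none luks",
        "/dev/mapper/MyCrypto /dev/sdz9 none cipher=CIPHER,size=256",
        "cswap /dev/sdz8 /dev/urandom luks",
    ]
    for s in samples:
        entry, problems = check_crypttab_line(s)
        print(s, "->", problems or "ok")
```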