Hi Carlos, On Thu, Nov 29, 2007 at 01:06:15PM +0100, Carlos E. R. wrote:
My problem now is how to manually mount an encripted partition using the new style devmap thing - I tried looking at /etc/init.d/boot.crypto, but I got lost. I have to look again when I'm not so tired.
The fields in /etc/crypttab can basically be used as options for cryptsetup. I don't know the Suse 10.3 but it probably contains a luks enabled version. There is a big difference between encrypted devices with or without LUKS. With LUKS all relevant encryption options are stored in the partition header. You only need to specify "luks" in /etc/crypttab. Example with encrypted ext3 partition on LVM: ##### # <target name> <source device> <key file> <options> vg1-root_crypt /dev/mapper/vg1-root none luks ##### If you don't want to use a passphrase but a file on disk as the encryption key, just insert the filename as third field. To mount a LUKS device, execute: cryptsetup luksOpen /dev/mapper/vg1-root vg1-root_crypt (or with keyfile: cryptsetup --key-file <file> luksOpen /dev/mapper/vg1-root vg1-root_crypt) mount /dev/mapper/vg1-root_crypt /whereveryouwant -t ext3 Partitions that don't use LUKS require the cryptsetup options in the fourth field, for example: ##### # <target name> <source device> <key file> <options> sda11_crypt /dev/sda11 none cipher=aes-cbc-essiv:sha256,size=256,hash=sha256 ##### To mount a non-LUKS device, use the "create" command. Take care that the options are written differently in /etc/crypttab and for cryptsetup (compare their manpages). for the example above, the command would be: cryptsetup --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha256 create sda11_crypt /dev/sda11 mount /dev/mapper/sda11_crypt /whereveryouwant Also note the different order of device arguments between both types.
Is there a wiki page, howto, doc you know about?
cryptsetup manpage http://www.saout.de/tikiwiki/tiki-index.php http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS http://luks.endorphin.org HTH, Michel -- Der tägliche Wahnsinn - http://www.virtualfreedom.de/dtw/ "Rasse" war der Irrglaube des 20. Jahrhunderts, "Sicherheit" ist der des 21.