Mailinglist Archive: opensuse-security (128 mails)

< Previous Next >
Re: [opensuse-security] How does one convert from /etc/cryptotab to /etc/crypttab
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Fri, 30 Nov 2007 12:33:41 +0100 (CET)
  • Message-id: <alpine.LSU.0.9999.0711301155240.2626@xxxxxxxxxxxxxxxx>
Hash: SHA1

The Friday 2007-11-30 at 11:28 +0100, Carlos E. R. wrote:

Testing. I create in '/etc/cryptotab' the line:

/dev/loop6 /biggy/ /mnt/ xfs twofish256 noauto,user,noatime,nodiratime

nimrodel:~ # /etc/init.d/boot.crypto start /mnt/
/mnt/ xfs doesn't exist skipped
Please enter passphrase for /biggy/ Command failed: Key
reading error
/biggy/ failed

Sorry, my fault. I had a temporary line left over from copypasting. It works!

nimrodel:~ # /etc/init.d/boot.crypto start /mnt/
Please enter passphrase for /biggy/
[/sbin/fsck.xfs (1) -- /dev/mapper/cryptotab_loop6] fsck.xfs -a
/sbin/fsck.xfs: XFS file system.
/biggy/ done

Reading your web page, I have a new doubt:

] Example: new /etc/crypttab and /etc/fstab for twofish256 cryptoloop ] image
] crypttab:
] secret /secret.img none
] fstab:
] /dev/mapper/secret /secret ext2 noauto,acl,user_xattr 0 0

Currently I'm using /etc/cryptotab:

/dev/loop6 /biggy/ /mnt/ xfs twofish256

which seems easier that crypttab, but if the needed options are those you write there, then it is easy enough. However... Do I need the fstab line if I mount it via /etc/init.d/boot.crypto? Because mounting via boot.crypto is obviously simpler than the three line commands you write:

] losetup /dev/loop0 /secret.img
] cryptsetup --hash sha512 --cipher twofish-cbc-plain --key-size 256 create
secret_img /dev/loop0
] mount /dev/mapper/secret_img /secret


It appears I'll have to move things to crypttab: entries in cryptotab with noauto ignore it:

nimrodel:~ # /etc/init.d/boot.crypto start
Activating crypto devices using /etc/cryptotab ...
/dev/disk/by-id/ata-ST3320620A_5QF2M56F-part15: cryptotab_loop0 alreadskippedd
Please enter passphrase for /biggy/
[/sbin/fsck.xfs (1) -- /dev/mapper/cryptotab_loop6] fsck.xfs -a
/sbin/fsck.xfs: XFS file system.
/biggy/ done

The second entry,, which is noaouto, tries to mount.

- -- Cheers,
Carlos E. R.

Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Made with pgp4pine 1.76


To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >