Mailinglist Archive: opensuse-security (128 mails)

< Previous Next >
Re: [opensuse-security] How does one convert from /etc/cryptotab to /etc/crypttab
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Fri, 30 Nov 2007 12:33:41 +0100 (CET)
  • Message-id: <alpine.LSU.0.9999.0711301155240.2626@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Friday 2007-11-30 at 11:28 +0100, Carlos E. R. wrote:

Testing. I create in '/etc/cryptotab' the line:

/dev/loop6 /biggy/crypta_f.mm.x /mnt/crypta.mm.x xfs twofish256 noauto,user,noatime,nodiratime


nimrodel:~ # /etc/init.d/boot.crypto start /mnt/crypta.mm.x
/mnt/crypta.mm.x: xfs doesn't exist skipped
Please enter passphrase for /biggy/crypta_f.mm.x: Command failed: Key
reading error
/biggy/crypta_f.mm.x... failed


Sorry, my fault. I had a temporary line left over from copypasting. It works!


nimrodel:~ # /etc/init.d/boot.crypto start /mnt/crypta.mm.x
Please enter passphrase for /biggy/crypta_f.mm.x:
[/sbin/fsck.xfs (1) -- /dev/mapper/cryptotab_loop6] fsck.xfs -a
/dev/mapper/cryptotab_loop6
/sbin/fsck.xfs: XFS file system.
/biggy/crypta_f.mm.x... done




Reading your web page, I have a new doubt:


] Example: new /etc/crypttab and /etc/fstab for twofish256 cryptoloop ] image
]
] crypttab:
]
] secret /secret.img none
cipher=twofish-cbc-plain,size=256,hash=sha512,itercountk=100
]
] fstab:
]
] /dev/mapper/secret /secret ext2 noauto,acl,user_xattr 0 0


Currently I'm using /etc/cryptotab:

/dev/loop6 /biggy/crypta_f.mm.x /mnt/crypta.mm.x xfs twofish256
noauto,user,noatime,nodir


which seems easier that crypttab, but if the needed options are those you write there, then it is easy enough. However... Do I need the fstab line if I mount it via /etc/init.d/boot.crypto? Because mounting via boot.crypto is obviously simpler than the three line commands you write:

] losetup /dev/loop0 /secret.img
] cryptsetup --hash sha512 --cipher twofish-cbc-plain --key-size 256 create
secret_img /dev/loop0
] mount /dev/mapper/secret_img /secret


[...]

It appears I'll have to move things to crypttab: entries in cryptotab with noauto ignore it:


nimrodel:~ # /etc/init.d/boot.crypto start
Activating crypto devices using /etc/cryptotab ...
/dev/disk/by-id/ata-ST3320620A_5QF2M56F-part15: cryptotab_loop0 alreadskippedd
Please enter passphrase for /biggy/crypta_f.mm.x:
[/sbin/fsck.xfs (1) -- /dev/mapper/cryptotab_loop6] fsck.xfs -a
/dev/mapper/cryptotab_loop6
/sbin/fsck.xfs: XFS file system.
/biggy/crypta_f.mm.x... done


The second entry,, which is noaouto, tries to mount.


- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFHT/UdtTMYHG2NR9URAlEuAJwOLUvKKGK0unDRDKifam9epkGzHACeKOVv
87u9941QFibn78xhB00L+R0=
=H++J
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >