
Carlos E. R. wrote:
According to the release notes, I thought that /etc/cryptotab was to be converted to /etc/crypttab while upgrading 10.2 to 10.3, but it wasn't.
No, it won't be converted. boot.crypto just transparently uses dm-crypt for both files now. So you actually don't have to do anything.
But I don't see clearly. It says:
· The first column, target device specifies the mapped device name. It must be a plain filename without any directories. A mapped device /dev/mapper/device name will be created by cryptsetup(8) crypting data from and onto the source device. To actually mount that device it needs to be listed in /etc/fstab.
I.e., is it an invented name? A non-existing name in /dev/mapper/? Like /dev/mapper/MyCrypto?
Yes.
Now, third field:
· The third column key file specifies the file to use for decrypting the encrypted data of the source device. It can also be a device name (e.g. /dev/urandom, which is useful for encrypted swap devices). Warning: luks does not support infinite streams (like /dev/urandom), it requires a fixed size key.
Are they talking of the mount point? A file containing the passphrase? I believe the second.
A file containing the binary key itself. If you type the passphrase interactively just specify 'none'. I guess I should rephrase the description.
· The fourth field options specifies the cryptsetup options associated with the encryption process. At minimum, the field should contain the string luks or the cipher, hash and size options. Options have to be specified in the format: key=value[,key=value ...]
Cipher, hash, size.... I have no idea how to relate this to the original remaining options:
See the examples at the end of the man page.

cu
Ludwig

--
Ludwig Nussel
http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
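The field rules quoted in this thread, written out as a small checker. This is an added example, not part of the original messages and not boot.crypto's own code; the sample lines and device names are constructed, and treating a missing third field as `none` and `/dev/random` as an infinite stream are assumptions.

```python
# Checks one /etc/crypttab line against the rules quoted in the thread:
# target is a plain name, LUKS needs a fixed-size key, and the options
# field holds either "luks" or cipher, hash and size.

# Key sources that never end; /dev/urandom is named in the man page text,
# /dev/random is added here as an assumption.
INFINITE_STREAMS = {"/dev/urandom", "/dev/random"}

def check_crypttab_line(line):
    """Return a list of problems found in one crypttab line (empty if fine)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    fields = line.split()
    if len(fields) < 2:
        return ["need at least a target name and a source device"]
    target = fields[0]
    keyfile = fields[2] if len(fields) > 2 else "none"  # assumption: default
    options = fields[3] if len(fields) > 3 else ""
    problems = []
    if "/" in target:
        problems.append("target must be a plain name, not a path: " + target)
    # Options have the form key=value[,key=value ...]; "luks" has no value.
    opts = {}
    for item in filter(None, options.split(",")):
        key, _, value = item.partition("=")
        opts[key] = value
    if "luks" in opts:
        if keyfile in INFINITE_STREAMS:
            problems.append("luks needs a fixed-size key, not " + keyfile)
    else:
        missing = [k for k in ("cipher", "hash", "size") if not opts.get(k)]
        if missing:
            problems.append("options need luks or cipher, hash and size; "
                            "missing: " + ", ".join(missing))
    return problems

# Constructed sample lines, not taken from any real system.
SAMPLES = [
    "MyCrypto /dev/sda5 none luks",
    "cr_swap /dev/sda2 /dev/urandom cipher=aes-cbc-essiv:sha256,hash=sha256,size=256",
    "/dev/mapper/MyCrypto /dev/sda5 none luks",
    "cr_data /dev/sda6 /dev/urandom luks",
    "cr_old /dev/sda7 none cipher=twofish",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_crypttab_line(sample) or "ok")
```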