Migrating from loop AES to dm-crypt

nick_battle · September 14, 2012, 8:36am

I’ve just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of mount and losetup do not have the file encryption options they used to, since people should have migrated to dm-crypt.

The trouble is, I now have some encrypted backup volumes that I cannot read! https://lqo-thequestionsnetw.netdna-ssl.com/questions/images/smilies/smile.gif

I used to mount the archives with “mount … -o loop,phash=sha256,encryption=aes128”. It looks like I should be using the loopaesOpen option to cryptsetup to mount these now, but I cannot find a combination of options that works. I’m trying the following:

cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash sha256

Where the file pp has my passphrase (without a newline) - that I used to enter at the prompt mount gave when using the “-o loop”. This successfully sets up the mapper, but the result is not recognizable as a filesystem (I think it’s ext2). So I assume the crypto and/or passphrase hash isn’t quite right.

Can anyone help?

nick_battle · September 15, 2012, 12:03pm

There’s a lot more detail about the possible options here DMCrypt - cryptsetup - dm-crypt: Linux kernel device-mapper crypto target - Setup virtual encryption devices under dm-crypt Linux - Google Project Hosting but I still can’t find any combination of options to give compatibility.

I can see why SUSE would remove a legacy facility, like the encryption in losetup, but it would be nice to be told the equivalent settings for the replacement system.

nick_battle · September 18, 2012, 11:03pm

The answer is:

     cryptsetup create mapped <device> -c aes -s 128 -h sha256

Note that this uses the plain “create” option and not the loopaesOpen option.