N.B. If key file is in GPG encrypted format, you have to use
\-\-key-file=- and decrypt it before use.
-gpg --decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name>
+gpg \-\-decrypt <keyfile> | cryptsetup loopaesOpen \-\-key-file=- <device> <name>
Use \fB\-\-key-file\fR to specify proper key length, default compiled-in
parameters are visible in \fB\-\-help\fR output.
If not changed, the default is for plain dm-crypt and LUKS mappings
"aes-cbc-essiv:sha256".
-For pre-2.6.10 kernels, use "aes-plain" as they don't understand
-the new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
-
For XTS mode, kernel version 2.6.24 or more recent is required.
-Use "aes-xts-plain" cipher specification and set key size to 256
+Use "aes-xts-plain64" cipher specification and set key size to 256
(or 512) bits (see \-s option).
+Note that plain64 IV (Initialization Vector) is available since kernel version 2.6.33
+and it is full 64bit version of plain IV. For more info please see FAQ.
.TP
.B "\-\-verify-passphrase, \-y"
query for passwords twice. Useful when creating a (regular) mapping
keyslot.
Second type is used for volume (master) key. You can switch between
-using /dev/random and /dev/urandom here, see \fP--use-random\fR and \fP--use-urandom\fR
+using /dev/random and /dev/urandom here, see \fP\-\-use-random\fR and \fP\-\-use-urandom\fR
options. Using /dev/random on system without enough entropy sources
can cause \fPluksFormat\fR to block until the requested amount of random data is gathered.
See \fPurandom(4)\fR for more information.
projects / platform / upstream / cryptsetup.git / blobdiff