A.1.8. The crypt Mapping Target

A.1.8. The crypt Mapping Target

The crypt target encrypts the data passing through the specified device. It uses the kernel Crypto API.

The format for the crypt target is as follows:

start length crypt cipher key IV-offset device offset

starting block in virtual device


length of this segment


Cipher consists of cipher[-chainmode]-ivmode[:iv options].


Ciphers available are listed in /proc/crypto (for example, aes).


Always use cbc. Do not use ebc; it does not use an initial vector (IV).

ivmode[:iv options]

IV is an initial vector used to vary the encryption. The IV mode is plain or essiv:hash. An ivmode of -plain uses the sector number (plus IV offset) as the IV. An ivmode of -essiv is an enhancement avoiding a watermark weakness


Encryption key, supplied in hex


Initial Vector (IV) offset


block device, referenced by the device name in the filesystem or by the major and minor numbers in the format major:minor


starting offset of the mapping on the device

The following is an example of a crypt target.

0 2097152 crypt aes-plain 0123456789abcdef0123456789abcdef 0 /dev/hda 0

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.