A.1.8. The crypt Mapping Target

The crypt target encrypts the data passing through the specified device. It uses the kernel Crypto API.

The format for the crypt target is as follows:

start length crypt cipher key IV-offset device offset

start

starting block in virtual device

length

length of this segment

cipher

Cipher consists of cipher[-chainmode]-ivmode[:iv options].

cipher

Ciphers available are listed in /proc/crypto (for example, aes).

chainmode

Always use cbc. Do not use ecb; it does not use an initial vector (IV).

ivmode[:iv options]

IV is an initial vector used to vary the encryption. The IV mode is plain or essiv:hash. An ivmode of -plain uses the sector number (plus IV offset) as the IV. An ivmode of -essiv is an enhancement avoiding a watermark weakness.

key

Encryption key, supplied in hex

IV-offset

Initial Vector (IV) offset

device

block device, referenced by the device name in the filesystem or by the major and minor numbers in the format major:minor

offset

starting offset of the mapping on the device

The following is an example of a crypt target.

0 2097152 crypt aes-plain 0123456789abcdef0123456789abcdef 0 /dev/hda 0
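
The following is an added example, not part of the original documentation: a small parser for a crypt table line in the format given above, with a check for the settings the text warns about (ecb chaining and the plain IV mode). The names CryptTarget, parse_crypt_line and audit are hypothetical.

```python
import re
from typing import NamedTuple, Optional

class CryptTarget(NamedTuple):
    start: int
    length: int
    cipher: str
    chainmode: Optional[str]   # None when the optional field is omitted
    ivmode: str
    iv_options: Optional[str]
    key_bits: int              # only the key size is kept, never the key itself
    iv_offset: int
    device: str
    offset: int

def parse_crypt_line(line: str) -> CryptTarget:
    fields = line.split()
    if len(fields) != 8 or fields[2] != "crypt":
        raise ValueError("expected: start length crypt cipher key IV-offset device offset")
    start, length, _, spec, key, iv_offset, device, offset = fields
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", key):
        raise ValueError("key must be an even number of hex digits")
    # Cipher spec: cipher[-chainmode]-ivmode[:iv options]
    body, _, iv_options = spec.partition(":")
    parts = body.split("-")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError("cipher spec must be cipher[-chainmode]-ivmode[:iv options]")
    cipher, ivmode = parts[0], parts[-1]
    chainmode = parts[1] if len(parts) == 3 else None
    return CryptTarget(int(start), int(length), cipher, chainmode, ivmode,
                       iv_options or None, len(key) * 4, int(iv_offset),
                       device, int(offset))

def audit(t: CryptTarget) -> list:
    """Return findings based on the guidance in this section."""
    findings = []
    if t.chainmode == "ecb":
        findings.append("chainmode ecb does not use an IV")
    if t.ivmode == "plain":
        findings.append("ivmode plain lacks the essiv watermark protection")
    if t.ivmode == "essiv" and not t.iv_options:
        findings.append("ivmode essiv needs a hash option (essiv:hash)")
    return findings

if __name__ == "__main__":
    # The example line from this page.
    t = parse_crypt_line("0 2097152 crypt aes-plain 0123456789abcdef0123456789abcdef 0 /dev/hda 0")
    print(t.cipher, t.chainmode, t.ivmode, t.key_bits, audit(t))
```
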

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.