|
|
https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
Device-mapper is infrastructure
in the Linux kernel that provides a generic way to create virtual
layers of block devices.
Device-mapper crypt target provides transparent encryption
of block devices using the kernel crypto API.
The user can basically specify one of the symmetric ciphers,
an encryption mode, a key (of any allowed size), an iv generation
mode and then the user can create a new block device in /dev.
Writes to this device will be encrypted and reads decrypted.
You can mount your filesystem on it as usual or stack dm-crypt
device with another device like RAID or LVM volume.
Basic documentation of dm-crypt mapping table comes with kernel
source and the latest version is available
in git repository.
To enable dm-crypt support, enable CONFIG_DM_CRYPT in Device
Drivers/Multi-device support (RAID and LVM) configuration option.
Most of distributions have dm-crypt included by default.
To configure you need userspace components: device mapper library
(part of LVM2 package) and cryptsetup.
All these packages are usually included in your distro repository already.
Check /proc/crypto which contains supported ciphers and modes
(but note it contains only currently loaded crypto API modules).
There is currently no better way how to list all available variations
of cipher and modes if the crypto modules are not loaded.
|
|
发表于 2018-6-4 14:52:39