cryptsetup-2.4.3

Introduction to cryptsetup

cryptsetup is used to set up transparent encryption of block devices using the kernel crypto API.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Download (HTTP): https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-2.4.3.tar.xz
Download MD5 sum: 2303d57e78d4977344188a46e125095c
Download size: 11 MB
Estimated disk space required: 29 MB (add 5 MB for tests)
Estimated build time: 0.2 SBU (add 19 SBU for tests)

cryptsetup Dependencies

Required

JSON-C-0.16, LVM2-2.03.18, and popt-1.19

Optional

libpwquality-1.4.5, argon2, libssh, and passwdqc

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/cryptsetup

Kernel Configuration

Encrypted block devices require kernel support. To use it, the appropriate kernel configuration parameters need to be set:

Device Drivers  --->
  [*] Multiple devices driver support (RAID and LVM) ---> [CONFIG_MD]
       <*/M> Device mapper support                        [CONFIG_BLK_DEV_DM]
       <*/M> Crypt target support                         [CONFIG_DM_CRYPT]

Cryptographic API  --->
  <*/M> XTS support                                       [CONFIG_CRYPTO_XTS]
  <*/M> SHA224 and SHA256 digest algorithm                [CONFIG_CRYPTO_SHA256]
  <*/M> AES cipher algorithms                             [CONFIG_CRYPTO_AES]
  <*/M> User-space interface for symmetric key cipher algorithms
                                                          [CONFIG_CRYPTO_USER_API_SKCIPHER]
  For tests:
  <*/M> Twofish cipher algorithm                          [CONFIG_CRYPTO_TWOFISH]

Installation of cryptsetup

Install cryptsetup by running the following commands:

./configure --prefix=/usr --disable-ssh-token &&
make

To test the result, issue as the root user: make check. Some tests will fail if appropriate kernel configuration options are not set. Some additional options that may be needed for tests are: CONFIG_SCSI_LOWLEVEL, CONFIG_SCSI_DEBUG, CONFIG_BLK_DEV_DM_BUILTIN, CONFIG_CRYPTO_USER, CONFIG_CRYPTO_CRYPTD, CONFIG_CRYPTO_LRW, CONFIG_CRYPTO_XTS, CONFIG_CRYPTO_ESSIV, CONFIG_CRYPTO_CRCT10DIF, CONFIG_CRYPTO_AES_TI, CONFIG_CRYPTO_AES_NI_INTEL, CONFIG_CRYPTO_BLOWFISH, CONFIG_CRYPTO_CAST5, CONFIG_CRYPTO_SERPENT, CONFIG_CRYPTO_SERPENT_SSE2_X86_64, CONFIG_CRYPTO_SERPENT_AVX_X86_64, CONFIG_CRYPTO_SERPENT_AVX2_X86_64, and CONFIG_CRYPTO_TWOFISH_X86_64.

Now, as the root user:

make install

Command Explanations

--disable-ssh-token: This option is required if the optional libssh dependency is not installed.

Configuring cryptsetup

Because of the number of possible configurations, setup of encrypted volumes is beyond the scope of the BLFS book. Please see the configuration guide in the cryptsetup FAQ.

Installed Programs: cryptsetup, cryptsetup-reencrypt, integritysetup, and veritysetup

Installed Libraries: libcryptsetup.so

Installed Directories: None

Short Descriptions

cryptsetup	is used to setup dm-crypt managed device-mapper mappings
cryptsetup-reencrypt	is a tool for offline LUKS device re-encryption
integritysetup	is a tool to manage dm-integrity (block level integrity) volumes
veritysetup	is used to configure dm-verity managed device-mapper mappings. Device-mapper verity target provides read-only transparent integrity checking of block devices using kernel crypto API

Prev
CrackLib-2.9.8
Next
Cyrus SASL-2.1.28
Up
Home

Beyond Linux® From Scratch (System V Edition) - Version r11.2-1338

Chapter 4. Security