1 |
Am 18.04.2015 um 12:27 schrieb Marko Weber | 8000: |
2 |
|
3 |
> i try to crypt a partition with cryptsetup. |
4 |
> Yes, in Kernel i had all need things i think. |
5 |
|
6 |
No, you haven't. |
7 |
|
8 |
You need to make those changes: |
9 |
> CONFIG_CRYPTO_XTS=m |
10 |
CONFIG_CRYPTO_XTS=y |
11 |
> CONFIG_CRYPTO_AES_X86_64=m |
12 |
CONFIG_CRYPTO_AES_X86_64=y |
13 |
> CONFIG_CRYPTO_AES_NI_INTEL=m |
14 |
CONFIG_CRYPTO_AES_NI_INTEL=y (only if you have an Intel CPU) |
15 |
|
16 |
You have to compile the modules which are necessary for the encryption |
17 |
method you're using directly into the kernel, not as a module, because |
18 |
the kernel needs them directly at boot time. |
19 |
|
20 |
> but when i try to use cryptsetup i get this: |
21 |
> |
22 |
> # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat |
23 |
> /dev/mapper/VolGroup01-media2 |
24 |
|
25 |
The correct command is: |
26 |
|
27 |
# cryptsetup -s 256 -y -c aes-xts-plain64 luksFormat |
28 |
/dev/mapper/VolGroup01-media2 |
29 |
|
30 |
Maybe you should consider those parameters: |
31 |
-s 512 (for a longer key) |
32 |
-h sha512 (otherwise sha1 will get used for the password hash) |
33 |
--use-random (manpage says: "Using /dev/urandom can lead to weak keys.") |