Closed GoogleCodeExporter closed 9 years ago
> drop --skip in its favor, since:
> cryptsetup --skip x <=> cryptsetup --offset=x --iv_offset=x
I think this is not correct. --skip is not dependent on --offset, it is n fact
directly <iv_offset> in dmcrypt mapping table. (yes, it is stupid name but
that's for historic reason)
See:
# echo "blah"| cryptsetup create x /dev/sdb --skip 34 --offset 56
# dmsetup table --showkeys
x: 0 417736 crypt aes-cbc-essiv:sha256 b9d....16 34 8:16 56
So do not understand what is missing here...
Original comment by gmazyl...@gmail.com
on 11 Dec 2013 at 8:24
You are right: "skip" really is the "iv_offset" option that I was looking for.
I hadn't tested this and was going solely by the documentation in the man
pages.
And I have to say it's a bit misleading...
<quote>
--offset, -o <number of 512 byte sectors>
Start offset in the backend device in 512-byte sectors. This option is only
relevant for the open action with plain or loopaes device types.
--skip, -p <number of 512 byte sectors>
How many sectors of the encrypted data to skip at the beginning. This option is
only relevant for the open action with plain or loopaes device types.
This is different from the --offset options with respect to the sector numbers
used in IV calculation. Using --offset will shift the IV calculation by the
same negative amount. Hence, if --offset n, sector n will get a sector number
of 0 for the IV calculation. Using --skip causes sector n to also be the first
sector of the mapped device, but with its number for IV generation is n.
</quote>
Especially the last sentence... "--skip n" option by itself does not cause
sector n to be the first sector of the mapped device ("--offset n" option is
still required for that). However, in combination with "--offset n", it does
alter the IV calculation, as described.
Thanks for the clarification and please consider updating the above description.
Original comment by y...@indiatimes.com
on 11 Dec 2013 at 9:48
Yes, man page was misleading. I tried to describe it better now, in commit
http://code.google.com/p/cryptsetup/source/detail?r=79956a4d47cd6a5811b41a0edd53
4bb091662fb9
Thanks.
Original comment by gmazyl...@gmail.com
on 11 Dec 2013 at 10:24
Original issue reported on code.google.com by
y...@indiatimes.com
on 11 Dec 2013 at 4:31