[pkg-cryptsetup-devel] unclear LUKS format version from the manpage (Was: Debian Installer Buster RC 2 release)

Guilhem Moulin guilhem at debian.org
Mon Jul 1 02:54:46 BST 2019 

Hi there,

On Mon, 01 Jul 2019 at 02:54:30 +0200, Cyril Brulebois wrote:
>> [1] https://manpages.debian.org/testing/cryptsetup-bin/cryptsetup.8.en.html
>> 
>> ,----
>> | LUKS2 is a new version of header format that allows additional extensions like
>> | different PBKDF algorithm or authenticated encryption. You can format device
>> | with LUKS2 header if you specify --type luks2 in luksFormat command. For
>> | activation, the format is already recognized automatically.
>> `----
>> [2] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L241
>> 
>> and
>> 
>> ,----
>> | To use LUKS2, specify --type luks2.
>> `----
>> [3] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L278
> 
> That doesn't say much about the default setting; but I can see how one
> could read it as “this is not the default”.

Thanks for the feedback indeed, that manpage snippet should probably be
reformulated.  Would you mind filing a bug against the cryptsetup-bin
package?  I can also do it otherwise.  That bit was likely written for
2.0 (when LUKS2 support was introduced), and not updated for 2.1 (when
LUKS2 was made the default LUKS format).

The compiled in-default for cryptsetup(8) can be obtained with

    ~$ cryptsetup --help
    […]
    Default compiled-in metadata format is LUKS2 (for luksFormat action).
    […]

That setting, as well as other compiled-in defaults (PBKDF algorithm and
parameters, ciphers, modes), comes from upstream.  The Debian binary doesn't
differ in that regard.

>> P.s. I am not on the list, I read this via debian-devel-announce.

Likewise I'm not subscribed to debian-boot.

Cheers,
-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20190701/12e66426/attachment.sig>

More information about the pkg-cryptsetup-devel mailing list