Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Quentin Lefebvre
qlefebvre_pro at yahoo.com
Mon Nov 17 17:24:38 GMT 2014
I could provide a patch so that systemd-cryptsetup behaves the same way
as cryptsetup.
But actually, there is even an easier way to solve this: change the
'hash' parameter in /etc/crypttab to 'plain'.
Doing this, cryptdisks_{start,stop} scripts work well, and so do
systemd-cryptsetup (as it will pass a NULL pointer as hash parameter to
cryptsetup, which is also legacy cryptsetup's way to handle keyfile +
hash in plain mode).
This is the correct /etc/crypttab:
vaioHDpart6c_home /dev/sda6 /root/keys/home.key
cipher=aes-xts-plain64,size=512,hash=plain,offset=0
instead of
vaioHDpart6c_home /dev/sda6 /root/keys/home.key
cipher=aes-xts-plain64,size=512,hash=sha512,offset=0
Note that the hash algorithm "sha512" was, in this case, just ignored.
Maybe next versions of cryptsetup will change that.
Of course, don't forget the command:
update-initramfs -k all -u
after changing /etc/crypttab.
Thank you for your help.
Cheers,
Quentin
More information about the Pkg-systemd-maintainers
mailing list