The Crypt Mapping Target - Red Hat ENTERPRISE LINUX 5 - LOGICAL VOLUME MANAGER ADMINISTRATION Manual

Hide thumbs Also See for ENTERPRISE LINUX 5 - LOGICAL VOLUME MANAGER ADMINISTRATION:

Deployment manual (848 pages)

Manual (402 pages)

Configuration (86 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

Table of Contents

0 71014400 multipath 0 0 1 1 round-robin 0 4 1 66:112 1000 \

67:176 1000 68:240 1000 65:48 1000

For further information about multipathing, see the Using Device Mapper Multipath document.

A.1.8. The crypt Mapping Target

The crypt target encrypts the data passing through the specified device. It uses the kernel Crypto

API.

The format for the crypt target is as follows:

start length crypt cipher key IV-offset device offset

start

starting block in virtual device

length

length of this segment

cipher

Cipher consists of cipher[-chainmode]-ivmode[:iv options].

cipher

Ciphers available are listed in /proc/crypto (for example, aes).

chainmode

Always use cbc. Do not use ebc; it does not use an initial vector (IV).

ivmode[:iv options]

IV is an initial vector used to vary the encryption. The IV mode is plain or essiv:hash. An

ivmode of -plain uses the sector number (plus IV offset) as the IV. An ivmode of -essiv

is an enhancement avoiding a watermark weakness

key

Encryption key, supplied in hex

IV-offset

Initial Vector (IV) offset

device

block device, referenced by the device name in the filesystem or by the major and minor numbers

in the format major:minor

offset

starting offset of the mapping on the device

The following is an example of a crypt target.

0 2097152 crypt aes-plain 0123456789abcdef0123456789abcdef 0 /dev/hda 0