I've seen, that this document gets many hits from Christophe Saout's page. Instead of piping the output into losetup, as shown below, one can take cryptsetup instead and pipe the output of the key hashing into it to setup a mapping for dm-crypt.

With the introduction of cryptoloop in the 2.5.x kernel series many users started to ask how to use it. First of all, one has to recognize that there are 3 different patch sets to enable losetup to handle crypto:

1. kerneli.org, the guys that created CryptoAPI 2.4 (notice it's totally differnt from 2.5's CryptoAPI made by JMorris)
   
2. loop-AES
3. util-linux 2.12

This document only describes how to immigrate from the first to the third patch set, since I think the last method will be used in further util-linux releases. The reason to do so is, the kerneli patch tries to access /proc/crypto/<ciphername> to parse the supported keysize for the cipher in use.  JMorris' CryptoAPI which is used in 2.5.x uses a totally different interface: /proc/crypto, a single file with all ciphers, so kerneli's patch will fail complaining about a missing /proc/crypto/ interface. One can get my patch and enable the kerneli util-linux version to parse /proc/crypto instead of /proc/crypto/. However I don't recommend that method since this is phase-out model, you'd better use the following method.

util-linux 2.12 is broken. Even it's the first version that claims to officially support crypto it can't be used to enable encryption in a way that makes sense. Although it can be used to set ASCII keys I doubt the usefulness of those keys, as well it can't be used to set keys hashed with RMD160 since those keys are binary and binary keys can't be read because of a few bugs. So one has to fix losetup to enable it to read binary keys with variable key sizes properly.

Here is the patch. (If you don't know how to patch, hands off encryption for the next couple of years)

kerneli's util-linux used RMD160 to hash keys. You need an external program like hashalot to feed the keys to losetup, since losetup 2.12 omits the internal hashing feature (which is IMHO a good thing). So basically it's: hashalot rmd160 | losetup -e <yourciphername> /dev/loop/X /dev/whatever But this has only one problem: The key length. Hashalot will output 32 bytes and losetup will therefor use a 32*8=256 bit key. Sounds good, you might think if you've used: losetup -e <cipher> -k 256 /dev/loopX /dev/...". I don't know why, but kerneli has never honored the -k switch. You have ALWAYS used a 128 bit key. Don't ask me why, I have no idea.

So you have to truncate hashalot's output to 16 bytes to make losetup use 16*8=128bit instead. This can be easily done with another patch and the use of the new RMD160 compatibly mode named "rmd160compat".(News: You don't need the patch with hashalot 0.2.0. Thanks Ben) hashalot rmd160compat | losetup -e <yourciphername> /dev/loop/X /dev/whatever .. or you can use a construct similar to this.. hashalot rmd160 | dd bs=16 count=1 | losetup -e <yourciphername> /dev/loop/X /dev/whatever

Instead of deducting the way losetup has done your key setup by crystal ball glazing, you can do it the hard way. Use lo-tracker to track losetup ioctl key setup calls and intercept the binary key. See lo-tracker. The key is printed as hex, so if you want to reuse it with losetup you have to craft a file containing exactly that content. Midnight Command or biew are capable of doing that. But if you want to avoid that you can switch to device mapper and use the hex printed key for dmsetup, since dmsetup assumes the key in this form.

The kerneli implementation of Serpent has been "reversed", a common implementation error of the serpent cipher (with decryption/encryption switched). For 2.6 HVR has provided us with the tnepres cipher. Those of you with some lexical intuition have already recognised that tnepres is serpent reversed, thus it's compatible with the 2.4 serpent./p> Get Ruben Garcia's port (2.6.0-test4 or above), apply, and use "-e tnepres" instead of "-e serpent" to losetup.

Courtesy of Gregor Larson and Yoav Weiss, the following script will allow mounting a AES128 or AES256 loop-aes partition with dm-crypt. See comments in the script header for more advice. loopaes. Any modifications allowing this script to cope with more loop-AES modes are welcome.

---

Now you should have set up the same cryptographic transformation as with kerneli's util-linux. Suggestions, or a section how to migrate from loop-AES util-linux patch set to losetup 2.12 are welcome.