Script for loop-AES key generation

Max Vozeler

Nov 12, 2006, 11:16:05 AM

Hey all,

I've found that, whenever I want to create a new loop-AES key, I
always refer to README and look up/copy the exact command. More
than once I typoed and ended up with a bad key. So I thought, why
not make this into a short shell script.

Attached is one which does just that, along with a man page
that describes the available options. The script has been included
in the Debian package loop-aes-utils for about a year or so and
seems to generally work fine. It should work with any POSIX-
compliant shell (tested with bash, dash, posh, busybox sh).

Let me know if you encounter any problems using it or have
suggestions/patches for improvement. :-)

Features:
- Check for unsafe swap
- Support for v1/v2/v3 type keys
- Symmetric/asymmetric GnuPG encryption
- Configurable cipher

cheers,
Max

loop-aes-keygen.1
loop-aes-keygen

Jari Ruusu

Nov 14, 2006, 2:58:43 AM

Max Vozeler wrote:
> Let me know if you encounter any problems using it or have
> suggestions/patches for improvement. :-)

There have been few cases where v3 key file and v2 losetup/mount were used
to set up a file system, and after upgrade to v3 losetup/mount, mounting the
file system failed. There is a warning about this problem in loop-AES README
file, but not everyone reads README files.

May I suggest adding a check that losetup is recent enough. Something like
this:

strings /sbin/losetup | grep -q -s multi-key-v3
if [ $? != 0 ] ; then
    echo "too old losetup version"
fi

--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/


Max Vozeler

Nov 18, 2006, 9:35:47 AM

Hi Jari,

On Tue, Nov 14, 2006 at 09:58:43AM +0200, Jari Ruusu wrote:
> There have been few cases where v3 key file and v2 losetup/mount were
> used to set up a file system, and after upgrade to v3 losetup/mount,
> mounting the file system failed. There is a warning about this problem
> in loop-AES README file, but not everyone reads README files.
>
> May I suggest adding a check that losetup is recent enough. Something
> like this:
>
> strings /sbin/losetup | grep -q -s multi-key-v3
> if [ $? != 0 ] ; then
>     echo "too old losetup version"
> fi

Indeed, that's a useful check. Given that strings(1) is part
of binutils, which may not be installed on all systems, I made it
run only if strings can be found. Thanks for your suggestion.

cheers,
Max

warn_too_old.diff
loop-aes-keygen

Jari Ruusu

Nov 18, 2006, 11:07:14 AM

Max Vozeler wrote:
> +check_multikey_support ()
> +{
> + strings /sbin/losetup | grep -q -s multi-key-v$1
> +}
> +
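
Review bot: the exit status of check_multikey_support is grep's alone, so an unreadable /sbin/losetup or a failing strings produces the same non-zero result as a losetup that really lacks the marker, and the caller then prints the "too old" warning. Test that /sbin/losetup is readable before the pipeline and return a distinct status for "could not check"; also quote the expansion, as in "multi-key-v$1".
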
[snip]
> +if [ "$version" -gt 1 ] && [ -x /usr/bin/strings ]; then
> + if ! check_multikey_support $version; then
> + echo "Warning: /sbin/losetup too old for v$version keys."
> + fi
> +fi
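
Review bot: the guard tests [ -x /usr/bin/strings ] while check_multikey_support invokes strings through PATH, so the two can disagree on a system where strings is installed elsewhere; use command -v strings >/dev/null for the guard. When the guard fails the check is skipped without any message, and the warning itself is written to stdout; add an else branch that says the check was not performed and send both messages to stderr with >&2.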

String to grep for in v3 losetup is multi-key-v3
String to grep for in v2 losetup is multi-key

Your code looks for multi-key-v2 string in v2 losetup. That won't work.

Christian Kujau

Nov 21, 2006, 9:06:11 PM

On Sat, 18 Nov 2006, Max Vozeler wrote:
> Indeed, that's a useful check. Given that strings(1) is part
> of binutils, which may not be installed on all systems, I made it
> run only if strings can be found.

...and maybe warn the user, if strings(1) cannot be found and the
check cannot be performed?

C.
--
BOFH excuse #17:

fat electrons in the lines

Richard Zidlicky

Nov 22, 2006, 5:07:10 PM

why strings? "grep -a" works since ages and saves one command.

Richard

Max Vozeler

Nov 25, 2006, 9:20:21 AM

Hi all,

On Sat, Nov 18, 2006 at 06:07:14PM +0200, Jari Ruusu wrote:
> String to grep for in v3 losetup is multi-key-v3
> String to grep for in v2 losetup is multi-key
>
> Your code looks for multi-key-v2 string in v2 losetup. That won't work.

On Wed, Nov 22, 2006 at 02:06:11AM +0000, Christian Kujau wrote:
> ...and maybe warn the user, if strings(1) cannot be found and the
> check cannot be performed?

On Wed, Nov 22, 2006 at 11:07:10PM +0100, Richard Zidlicky wrote:
> why strings? "grep -a" works since ages and saves one command.

Thanks everyone for your fixes and suggestions.

The attached patch changes the script to use grep -a (which is not
in POSIX/SuSv3 or busybox grep, but should generally be available on
normal systems) and fixes the detection of multi-key-v2.

cheers,
Max

loop-aes-keygen
fix_multikey_check.diff

Lionel Elie Mamane

Nov 25, 2006, 12:16:14 PM

On Sat, Nov 25, 2006 at 03:20:21PM +0100, Max Vozeler wrote:

> On Wed, Nov 22, 2006 at 11:07:10PM +0100, Richard Zidlicky wrote:
>> why strings? "grep -a" works since ages and saves one command.

> The attached patch changes the script to use grep -a (which is not
> in POSIX/SuSv3 or busybox grep, but should generally be available on
> normal systems)

I don't get the point of combining -a and -q; the effect of -a is that
even if the file is binary, "lines" that match are printed on
stdout. -q tells it not to output anything. So as far as I
understand, "-a -q" is the same as "-q". Which is in SuSv3.

--
Lionel
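
The check this thread converges on, written out as an added example (it is not the attached loop-aes-keygen script or any poster's code): key version 2 maps to the marker multi-key, version 3 to multi-key-v3, and a check that cannot be performed is reported separately from a losetup that is too old. The function names, the return codes and the sample files are assumptions made for the illustration; grep is called with -q and -F only, relying on its exit status as the last reply proposes.

```shell
#!/bin/sh
# Added example; the marker strings are the ones named in the thread.
# Exit status: 0 = losetup supports the key version, 1 = too old,
#              2 = check could not be performed (unreadable file, unknown version).
check_multikey_support() {
    losetup_bin=$1 key_version=$2
    case $key_version in
        1) return 0 ;;                  # v1 keys need no multi-key support
        2) marker='multi-key' ;;        # also present in a v3 losetup
        3) marker='multi-key-v3' ;;
        *) return 2 ;;
    esac
    [ -r "$losetup_bin" ] || return 2
    # -F: fixed string, -q: exit status only, -e: pattern is never taken as an option
    if grep -q -F -e "$marker" "$losetup_bin"; then return 0; fi
    return 1
}

# Turn the status into a message, so that a skipped check is never silent.
multikey_status() {
    rc=0
    check_multikey_support "$1" "$2" || rc=$?
    case $rc in
        0) echo "ok" ;;
        1) echo "too old for v$2 keys" ;;
        *) echo "check not performed" ;;
    esac
}

# Constructed stand-in for a losetup binary: NUL-separated bytes plus one marker.
make_sample_losetup() {
    printf '\177ELF\000usage: losetup\000%s\000' "$2" > "$1"
}

sample_dir=$(mktemp -d)
make_sample_losetup "$sample_dir/losetup-v2" 'multi-key'
make_sample_losetup "$sample_dir/losetup-v3" 'multi-key-v3'
for v in 2 3; do
    echo "v2 losetup, v$v key: $(multikey_status "$sample_dir/losetup-v2" "$v")"
    echo "v3 losetup, v$v key: $(multikey_status "$sample_dir/losetup-v3" "$v")"
done
echo "missing losetup:     $(multikey_status "$sample_dir/absent" 3)"
rm -rf "$sample_dir"
```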
