trunk/debian/README.Debian

Cryptsetup for Debian
---------------------

 Cryptsetup is a command-line interface for configuring encrypted block
devices via dm-crypt, a kernel device-mapper target.
The Debian cryptsetup package provides the initscript /etc/init.d/cryptdisks
and a configuration file /etc/crypttab for automatically configuring
encrypted devices at boot time. See man crypttab(5) for more information.

 The /sbin/luksformat script provides a simple interface for creating an
encrypted device that follows the LUKS standard and for putting a file system
onto the encrypted device. See man luksformat(8) for more information.

For instructions about how to encrypt your swap partition(s), see
        /usr/share/doc/cryptsetup/CryptoSwap.HowTo

For instructions about how to encrypt your root filesystem, see
        /usr/share/doc/cryptsetup/CryptoRoot.HowTo

 The 'check' option in crypttab allows to configure checks to be run against
the target device after cryptsetup has been invoked.
Checks can for example check for a filesystem. The checkscripts are placed in
/lib/cryptsetup/checks/. If need to write a check that is not yet provided
by the package, see the existing ones as a reference.

 The 'precheck' option is for configuring checks to be run against the source
device before cryptsetup has been invoked. They are only available for plain
cryptsetup devices. LUKS devices have a hardcoded precheck that uses the
'isLuks' command of cryptsetup.
As there is no way to check a device for plain cryptsetup data, you can only
check for data that should not be on the device. for example the check could
search for common filesystems on the device, and abort if it finds any.
As this will never really ensure that no data is lost, the package doesn't
provide such a check.
Another example for a precheck could be to check the partition table id. For
a device that shall be used as swap partition, it could verify that only
partitions with type 'swap' (82) are used for encrypted swap.

 Please send us your checks, if you write new ones. If they are generally
useful, we will include them in the package.

 See CheckSystem.Doc and man crypttab(5) for more information about the
checksystem.

 -- Jonas Meurer <mejo@debian.org>, Sun, 26 Feb 2006 20:03:28 +0100
1	Cryptsetup for Debian
2	---------------------
3
4	Cryptsetup is a command-line interface for configuring encrypted block
5	devices via dm-crypt, a kernel device-mapper target.
6	The Debian cryptsetup package provides the initscript /etc/init.d/cryptdisks
7	and a configuration file /etc/crypttab for automatically configuring
8	encrypted devices at boot time. See man crypttab(5) for more information.
9
10	The /sbin/luksformat script provides a simple interface for creating an
11	encrypted device that follows the LUKS standard and for putting a file system
12	onto the encrypted device. See man luksformat(8) for more information.
13
14	For instructions about how to encrypt your swap partition(s), see
15	/usr/share/doc/cryptsetup/CryptoSwap.HowTo
16
17	For instructions about how to encrypt your root filesystem, see
18	/usr/share/doc/cryptsetup/CryptoRoot.HowTo
19
20	The 'check' option in crypttab allows to configure checks to be run against
21	the target device after cryptsetup has been invoked.
22	Checks can for example check for a filesystem. The checkscripts are placed in
23	/lib/cryptsetup/checks/. If need to write a check that is not yet provided
24	by the package, see the existing ones as a reference.
25
26	The 'precheck' option is for configuring checks to be run against the source
27	device before cryptsetup has been invoked. They are only available for plain
28	cryptsetup devices. LUKS devices have a hardcoded precheck that uses the
29	'isLuks' command of cryptsetup.
30	As there is no way to check a device for plain cryptsetup data, you can only
31	check for data that should not be on the device. for example the check could
32	search for common filesystems on the device, and abort if it finds any.
33	As this will never really ensure that no data is lost, the package doesn't
34	provide such a check.
35	Another example for a precheck could be to check the partition table id. For
36	a device that shall be used as swap partition, it could verify that only
37	partitions with type 'swap' (82) are used for encrypted swap.
38
39	Please send us your checks, if you write new ones. If they are generally
40	useful, we will include them in the package.
41
42	See CheckSystem.Doc and man crypttab(5) for more information about the
43	checksystem.
44
45	-- Jonas Meurer <mejo@debian.org>, Sun, 26 Feb 2006 20:03:28 +0100