|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
LOSETUP(8) MAINTENANCE COMMANDS LOSETUP(8)
NAME
losetup - set up and control loop devices
SYNOPSIS
losetup [ -e encryption ] [options] loop_device file
losetup -F [options] loop_device [file]
losetup [ -d ] loop_device
losetup -a
DESCRIPTION
losetup is used to associate loop devices with regular files or block
devices, to detach loop devices and to query the status of a loop
device. If only the loop_device argument is given, the status of the
corresponding loop device is shown.
OPTIONS
-a Show status of all loop devices.
-C itercountk
Runs hashed password through itercountk thousand iterations of
AES-256 before using it for loop encryption. This consumes lots
of CPU cycles at loop setup/mount time but not thereafter. In
combination with password seed this slows down dictionary
attacks. Iteration is not done in multi-key mode.
-d Detach the file or device associated with the specified loop
device.
-e encryption
Enable data encryption. Following encryption types are recog-
nized:
NONE Use no encryption (default).
XOR Use a simple XOR encryption.
AES128 AES
Use 128 bit AES encryption. Password is hashed with
SHA-256 by default.
AES192 Use 192 bit AES encryption. Password is hashed with
SHA-384 by default.
AES256 Use 256 bit AES encryption. Password is hashed with
SHA-512 by default.
twofish128 twofish160 twofish192 twofish256
blowfish128 blowfish160 blowfish192 blowfish256
serpent128 serpent192 serpent256 mars128 mars192
mars256 rc6-128 rc6-192 rc6-256 tripleDES
These encryption types are available if they are enabled
in kernel configuration or corresponding modules have
been loaded to kernel.
-F Reads and uses mount options from /etc/fstab that match speci-
fied loop device, including offset= sizelimit= encryption=
pseed= phash= loinit= gpgkey= gpghome= itercountk= and looped to
device/file name. loop= option in /etc/fstab must match speci-
fied loop device name. Command line options take precedence in
case of conflict.
-G gpghome
Set gpg home directory to gpghome, so that gpg uses public/pri-
vate keys on gpghome directory. This is only used when gpgkey
file needs to be decrypted using public/private keys. If gpgkey
file is encrypted with symmetric cipher only, public/private
keys are not required and this option has no effect.
-H phash
Uses phash function to hash password. Available hash functions
are sha256, sha384, sha512 and rmd160. unhashed1, unhashed2 and
unhashed3 functions also exist for compatibility with some obso-
lete implementations.
Hash function random does not ask for password but sets up ran-
dom keys and attempts to put loop to multi-key mode. When ran-
dom/1777 hash type is used as mount option for mount program,
mount program will create new file system on the loop device and
construct initial permissions of file system root directory from
octal digits that follow the slash character.
WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING
IMPORTANT DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA.
-I loinit
Passes a numeric value of loinit as a parameter to cipher trans-
fer function. Cipher transfer functions are free to interpret
value as they want.
-K gpgkey
Password is piped to gpg so that gpg can decrypt file gpgkey
which contains the real keys that are used to encrypt loop
device. If decryption requires public/private keys and gpghome
is not specified, all users use their own gpg public/private
keys to decrypt gpgkey. Decrypted gpgkey should contain 1 or 64
or 65 keys, each key at least 20 characters and separated by
newline. If decrypted gpgkey contains 64 or 65 keys, then loop
device is put to multi-key mode. In multi-key mode first key is
used for first sector, second key for second sector, and so on.
65th key, if present, is used as additional input to MD5 IV com-
putation.
-o offset
The data start is moved offset bytes into the specified file or
device. Normally offset is included in IV (initialization vec-
tor) computations. If offset is prefixed with @ character, then
offset is not included in IV computations. @ prefix functional-
ity may not be supported on some older kernels and/or loop
drivers.
-p passwdfd
Read the passphrase from file descriptor passwdfd instead of the
terminal. If -K option is not being used (no gpg key file), then
losetup attempts to read 65 keys from passwdfd, each key at
least 20 characters and separated by newline. If losetup suc-
cessfully reads 64 or 65 keys, then loop device is put to multi-
key mode. If losetup encounters end-of-file before 64 keys are
read, then only first key is used in single-key mode.
-r Read-only mode.
-s sizelimit
Size of loop device is limited to sizelimit bytes. If unspeci-
fied or set to zero, loop device size is set to maximum avail-
able (file size minus offset). This option may not be supported
on some older kernels and/or loop drivers.
-S pseed
Sets encryption password seed pseed which is appended to user
supplied password before hashing. Using different seeds for dif-
ferent partitions makes dictionary attacks slower but does not
prevent them if user supplied password is guessable. Seed is not
used in multi-key mode.
-t timeout
make the password prompt time out after timeout seconds have
passed by.
-T Asks password twice.
-v Verbose mode.
RETURN VALUE
losetup returns 0 on success, nonzero on failure. When losetup displays
the status of a loop device, it returns 1 if the device is not config-
ured and 2 if an error occurred which prevented losetup from determin-
ing the status of the device.
FILES
/dev/loop0,/dev/loop1,... loop devices (major=7)
EXAMPLE
The following commands can be used as an example of using the loop
device.
dd if=/dev/zero of=/file bs=1k count=500
head -c 2925 /dev/random | uuencode -m - | head -n 66 \
| tail -n 65 | gpg --symmetric -a >/etc/fskey9.gpg
losetup -e AES128 -K /etc/fskey9.gpg /dev/loop0 /file
mkfs -t ext2 /dev/loop0
mount -t ext2 /dev/loop0 /mnt
...
umount /dev/loop0
losetup -d /dev/loop0
RESTRICTION
XOR encryption is terribly weak.
AUTHORS
Original version: Theodore Ts'o <tytso@athena.mit.edu>
AES support: Jari Ruusu
Linux 2004-11-25 LOSETUP(8)
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Sat Sep 8 16:40:37 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5334 hits)
(openSUSE 10.2)
svn man page (5208 hits)
(FreeBSD 6.2)
adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)
CPAN man page (4607 hits)
(Suse Linux 10.1)
ssh man page (4342 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2881 hits)
(Solaris 10 11_06)
netcat man page (2717 hits)
(Suse Linux 10.1)
pprosetup man page (2490 hits)
(Solaris 10 11_06)
startproc man page (2471 hits)
(Suse Linux 10.1)
signal man page (2408 hits)
(Suse Linux 10.1)
|
Man Pages 
