disabled "li~a,jv`&ţ iCryptsetup 1.2.0 Release Notes ============================== Changes since version 1.2.0-rc1 * Fix crypt_activate_by_keyfile() to work with PLAIN devices. * Fix plain create command to properly handle keyfile size. * Update translations. Changes since version 1.1.3 Important changes ~~~~~~~~~~~~~~~~~ * Add text version of *FAQ* (Frequently Asked Questions) to distribution. * Add selection of random/urandom number generator for luksFormat (option --use-random and --use-urandom). (This affects only long term volume key in *luksFormat*, not RNG used for salt and AF splitter). You can also set the default to /dev/random during compilation with --enable-dev-random. Compiled-in default is printed in --help output. Be very careful before changing default to blocking /dev/random use here. * Fix *luksRemoveKey* to not ask for remaining keyslot passphrase, only for removed one. * No longer support *luksDelKey* (replaced with luksKillSlot). * if you want to remove particular passphrase, use *luksKeyRemove* * if you want to remove particular keyslot, use *luksKillSlot* Note that in batch mode *luksKillSlot* allows removing of any keyslot without question, in normal mode requires passphrase or keyfile from other keyslot. * *Default alignment* for device (if not overridden by topology info) is now (multiple of) *1MiB*. This reflects trends in storage technologies and aligns to the same defaults for partitions and volume management. * Allow explicit UUID setting in *luksFormat* and allow change it later in *luksUUID* (--uuid parameter). * All commands using key file now allows limited read from keyfile using --keyfile-size and --new-keyfile-size parameters (in bytes). This change also disallows overloading of --key-size parameter which is now exclusively used for key size specification (in bits.) * *luksFormat* using pre-generated master key now properly allows using key file (only passphrase was allowed prior to this update). * Add --dump-master-key option for *luksDump* to perform volume (master) key dump. Note that printed information allows accessing device without passphrase so it must be stored encrypted. This operation is useful for simple Key Escrow function (volume key and encryption parameters printed on paper on safe place). This operation requires passphrase or key file. * The reload command is no longer supported. (Use dmsetup reload instead if needed. There is no real use for this function except explicit data corruption:-) * Cryptsetup now properly checks if underlying device is in use and disallows *luksFormat*, *luksOpen* and *create* commands on open (e.g. already mapped or mounted) device. * Option --non-exclusive (already deprecated) is removed. Libcryptsetup API additions: * new functions * crypt_get_type() - explicit query to crypt device context type * crypt_resize() - new resize command using context * crypt_keyslot_max() - helper to get number of supported keyslots * crypt_get_active_device() - get active device info * crypt_set/get_rng_type() - random/urandom RNG setting * crypt_set_uuid() - explicit UUID change of existing device * crypt_get_device_name() - get underlying device name * Fix optional password callback handling. * Allow to activate by internally cached volume key immediately after crypt_format() without active slot (for temporary devices with on-disk metadata) * libcryptsetup is binary compatible with 1.1.x release and still supports legacy API calls * cryptsetup binary now uses only new API calls. * Static compilation of both library (--enable-static) and cryptsetup binary (--enable-static-cryptsetup) is now properly implemented by common libtool logic. Prior to this it produced miscompiled dynamic cryptsetup binary with statically linked libcryptsetup. The static binary is compiled as src/cryptsetup.static in parallel with dynamic build if requested. Other changes ~~~~~~~~~~~~~ * Fix default plain password entry from termi