Release of Cryptsetup 2.7 with support for OPAL hardware disk encryption

The Cryptsetup 2.7 set of utilities has been published. It is designed to configure encryption of disk partitions in Linux using the dm-crypt module. It supports dm-crypt, LUKS, LUKS2, BITLK, loop-AES and TrueCrypt/VeraCrypt partitions. It also includes the veritysetup and integritysetup utilities for configuring data integrity controls based on the dm-verity and dm-integrity modules.

Key improvements:

  • It is now possible to use the OPAL hardware disk encryption mechanism, which is supported on SED (Self-Encrypting Drives) SATA and NVMe drives with the OPAL2 TCG interface, where the hardware encryption device is built directly into the controller. On the one hand, OPAL encryption is tied to proprietary hardware and is not available for public audit; on the other hand, it can be used as an additional layer of protection on top of software encryption, which does not reduce performance and puts no load on the CPU.

    Using OPAL in LUKS2 requires building the Linux kernel with the CONFIG_BLK_SED_OPAL option and enabling it in Cryptsetup (OPAL support is disabled by default). LUKS2 OPAL is set up in the same way as software encryption: the metadata is stored in the LUKS2 header. The key is split into a partition key for software encryption (dm-crypt) and an unlock key for OPAL. OPAL can be used together with software encryption (cryptsetup luksFormat --hw-opal), or on its own (cryptsetup luksFormat --hw-opal-only). OPAL is activated and deactivated in the same way (open, close, luksSuspend, luksResume) as LUKS2 devices.

  • In plain mode, in which the master key and header are not stored on the disk, the default cipher is aes-xts-plain64 and the default hashing algorithm is sha256 (XTS is used instead of CBC mode, which has performance problems, and sha256 is used instead of the outdated ripemd160 hash).
  • The open and luksResume commands allow the partition key to be stored in a kernel keyring chosen by the user. To access the keyring, the "--volume-key-keyring" option has been added to many cryptsetup commands (for example 'cryptsetup open --link-vk-to-keyring "@s::%user:testkey" tst').
  • On systems without a swap partition, formatting or creating a key slot with the Argon2 PBKDF now uses half of the free memory, which solves the problem of running out of available memory on systems with a small amount of RAM.
  • Added the "--external-tokens-path" option to specify the directory for external LUKS2 token handlers (plugins).
  • tcrypt has added support for the Blake2 hashing algorithm for VeraCrypt.
  • Added support for the Aria block cipher.
  • Added support for Argon2 in the OpenSSL 3.2 and libgcrypt implementations, which removes the need for libargon.
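
The OPAL prerequisites named above (a kernel built with CONFIG_BLK_SED_OPAL and Cryptsetup 2.7) can be checked before formatting a drive. The script below is an added example, not code from the Cryptsetup project or the original article; the function names and the sample input are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the Cryptsetup project): prerequisite check before
# trying `cryptsetup luksFormat --hw-opal`. Function names are hypothetical.

# Print the running kernel's build config, if the system exposes it.
running_kconfig() {
    if [ -r /proc/config.gz ]; then gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then cat "/boot/config-$(uname -r)"
    else return 1
    fi
}

# Classify CONFIG_BLK_SED_OPAL in config text on stdin:
# prints enabled | disabled | absent.
opal_kconfig_state() {
    awk '/^CONFIG_BLK_SED_OPAL=y$/            { s = "enabled" }
         /^# CONFIG_BLK_SED_OPAL is not set$/ { s = "disabled" }
         END { print (s ? s : "absent") }'
}

# Succeed if a `cryptsetup --version` line ($1) reports 2.7 or newer.
cryptsetup_is_2_7_or_newer() {
    local ver major minor
    ver=${1#cryptsetup }; ver=${ver%% *}          # e.g. "2.7.0"
    major=${ver%%.*}
    minor=${ver#*.}; minor=${minor%%.*}
    case "$major$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 7 ]; }
}

# $1 = kernel config text, $2 = version line. A pass does not prove that
# this cryptsetup build has OPAL support switched on; it is off by default.
opal_preflight() {
    local state
    state=$(printf '%s\n' "$1" | opal_kconfig_state)
    if [ "$state" != enabled ]; then
        echo "kernel: CONFIG_BLK_SED_OPAL is $state"; return 1
    fi
    if ! cryptsetup_is_2_7_or_newer "$2"; then
        echo "cryptsetup: release older than 2.7"; return 1
    fi
    echo "ok: kernel option set and cryptsetup is 2.7 or newer"
}

# Constructed sample input so the script runs offline.
SAMPLE_CFG='CONFIG_BLK_DEV_DM=y
CONFIG_BLK_SED_OPAL=y'
opal_preflight "$SAMPLE_CFG" "cryptsetup 2.7.0 flags: UDEV BLKID KEYRING"
# On a real host: opal_preflight "$(running_kconfig)" "$(cryptsetup --version)"
```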

Source: opennet.ru
