* Add --device-size option for reencryption tool.
* Switch to use unit suffix for --reduce-device-size option.
* Remove open device debugging feature (no longer needed).
* Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool.
* Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID).
* Add --test-passphrase option for luksOpen (check passphrase only).
* Introduce veritysetup for dm-verity target management.
* Both data and header device can now be a file.
* Loop is automatically allocated in crypt_set_data_device().
* Require only up to last keyslot area for header device (ignore data offset).
* Fix header backup and restore to work on files with large data offset.
* Fix readonly activation if underlying device is readonly (1.4.0).
* Fix keyslot removal (wipe keyslot) for device with 4k hw block (1.4.0).
* Allow empty cipher (cipher_null) for testing.
* Fix loop mapping on readonly file.
* Relax --shared test, allow mapping even for overlapping segments.
* Support shared flag for LUKS devices (dangerous).
* Switch on retry on device remove for libdevmapper.
* Allow "private" activation (skip some udev global rules) flag.
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=91
- boot.crypto:
* prefer physdev from crypttab
* fix non-plymouth use
- new version 1.4.2
* Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0)
* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
* Add repair command and crypt_repair() for known LUKS metadata problems repair.
* Allow to specify --align-payload only for luksFormat.
* Unify password verification option.
* Support password verification with quiet flag if possible. (1.2.0)
* Fix retry if entered passphrases (with verify option) do not match.
* Support UUID=<LUKS_UUID> format for device specification.
* Add --master-key-file option to luksOpen (open using volume key).
* Fix use of empty keyfile.
* Fix error message for luksClose and detached LUKS header.
* Allow --header for status command to get full info with detached header.
- boot.crypto:
* avoid warning about module 'kernel' (bnc#741468)
* incorporate plymouth support
OBS-URL: https://build.opensuse.org/request/show/114171
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=72
* Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0)
* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
* Add repair command and crypt_repair() for known LUKS metadata problems repair.
* Allow to specify --align-payload only for luksFormat.
* Unify password verification option.
* Support password verification with quiet flag if possible. (1.2.0)
* Fix retry if entered passphrases (with verify option) do not match.
* Support UUID=<LUKS_UUID> format for device specification.
* Add --master-key-file option to luksOpen (open using volume key).
* Fix use of empty keyfile.
* Fix error message for luksClose and detached LUKS header.
* Allow --header for status command to get full info with detached header.
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=83
* Add selection of random/urandom number generator for luksFormat
(option --use-random and --use-urandom).
* Fix luksRemoveKey to not ask for remaining keyslot passphrase,
only for removed one.
* No longer support luksDelKey (replaced with luksKillSlot).
* if you want to remove particular passphrase, use luksKeyRemove
* if you want to remove particular keyslot, use luksKillSlot
Note that in batch mode luksKillSlot allows removing of any keyslot
without question, in normal mode requires passphrase or keyfile from
other keyslot.
* Default alignment for device (if not overridden by topology info)
is now (multiple of) *1MiB*.
This reflects trends in storage technologies and aligns to the same
defaults for partitions and volume management.
* Allow explicit UUID setting in luksFormat and allow change it later
in luksUUID (--uuid parameter).
* All commands using key file now allows limited read from keyfile using
--keyfile-size and --new-keyfile-size parameters (in bytes).
This change also disallows overloading of --key-size parameter which
is now exclusively used for key size specification (in bits.)
* luksFormat using pre-generated master key now properly allows
using key file (only passphrase was allowed prior to this update).
* Add --dump-master-key option for luksDump to perform volume (master)
key dump. Note that printed information allows accessing device without
passphrase so it must be stored encrypted.
This operation is useful for simple Key Escrow function (volume key and
encryption parameters printed on paper on safe place).
This operation requires passphrase or key file.
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=58