The option --disable-luks2-reencryption completely disable
LUKS2 reencryption code.
When used, the libcryptsetup library can read metadata with
reencryption code, but all reencryption API calls and cryptsetup
reencrypt commands are disabled.
Devices with online reencryption in progress cannot be activated.
This option can cause some incompatibilities. Please use with care.
Search for token handlers in %{libdir}/cryptsetup directory
by default. Distros may change default location via
--with-luks2-external-tokens-path parameter during configuration.
Cryptsetup LUKS2 was using Argon2 while there were two versions -
data independt (Argon2i) suitable for the KDF use case andm Argon2d
(data dependent), that is in princile unsuitable for LUKS2.
Later a new version Argon2id was introduced and this is now default
(and mandatory) algorithm as RFC Argon2 draft defines.
While Argon2id basically combines both approaches from Argon2i
and Argon2d (to provide bette side-channel resistence) it seems
reasonable to switch to Argon2id as default.
Fixes: #555
Starting with version 2.0.0, libpasswdqc can use memory allocation
when loading configuration that contains new optional parameters.
It's therefore recommended to free all memory allocated by
passwdqc_params_load using new passwdqc_params_free function
introduced in the same version of libpasswdqc.
[slightly modified by mbroz]
Provides example of loadable token handler for activation
json validation and metadata dump.
For creating new ssh example token use special cryptsetup-ssh
binary.
This reverts mostly these commits:
42692418c2a985c12659
The library was ment to export common functions shared by
all cryptsetup tools and planned LUKS2 tokens plugins.
It is no longer needed.
Introducing new library supposed to be used in
cryptsetup tools and future cryptsetup loadable plugins
TODO:
- distribution
- cleanup header files
- incorporate also plugin API?
