Debian
cryptsetup package

cryptsetup 2:2.1.0-1 source package in Debian

Changelog

cryptsetup (2:2.1.0-1) unstable; urgency=medium

  * New upstream release.  Highlights include:
    - The on-disk LUKS format version now defaults to LUKS2 (use `luksFormat
      --type luks1` to use LUKS1 format). Closes: #919725.
    - The cryptographic backend used for LUKS header processing is now libssl
      instead of libgcrypt.
    - LUKS' default key size is now 512 in XTS mode, half of which is used for
      block encryption.  XTS mode uses two internal keys, hence the previous
      default key size (256) caused AES-128 to be used for block encryption,
      while users were expecting AES-256.

  [ Guilhem Moulin ]
  * Add docs/Keyring.txt and docs/LUKS2-locking.txt to
    /usr/share/doc/cryptsetup-run.
  * debian/README.Debian: Mention that for non-persistent encrypted swap one
    should also disable the resume device.
  * debian/README.initramfs: Mention that keyscript=decrypt_derived normally
    won't work with LUKS2 sources.  (The volume key of LUKS2 devices is by
    default offloaded to the kernel keyring service, hence not readable by
    userspace.)  Since 2:2.0.3-5 the keyscript loudly fails on such sources.
  * decrypt_keyctl keyscript: Always use our askpass binary for password
    prompt (fail instead of falling back to using stty or `read -s` if askpass
    is not available).  askpass and decrypt_keyctl are both shipped in our
    'cryptsetup-run' and 'cryptsetup-udeb' binary packages, and the cryptsetup
    and askpass binaries are added together to the initramfs image.
  * decrypt_keyctl: Document the identifier used in the user keyring:
    "cryptsetup:$CRYPTTAB_KEY", or merely "cryptsetup" if "$CRYPTTAB_KEY" is
    empty or "none".  The latter improves compatibility with gdm and
    systemd-ask-password(1).
  * debian/*: run wrap-and-sort(1).
  * debian/doc/crypttab.xml: mention `cryptsetup refresh` and the `--persistent`
    option flag.
  * debian/control: Bump Standards-Version to 4.3.0 (no changes necessary).

  [ Jonas Meurer ]
  * Update docs about 'discard' option: Mention in manpage, that it's enabled
    per default by Debian Installer. Give advice to add it to new devices in
    /etc/crypttab and add it to crypttab example entries in the docs.

 -- Guilhem Moulin <email address hidden>  Sat, 09 Feb 2019 00:40:17 +0100

Upload details

Uploaded by:
Debian Cryptsetup Team
Uploaded to:
Sid
Original maintainer:
Debian Cryptsetup Team
Architectures:
linux-any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
cryptsetup_2.1.0-1.dsc 2.7 KiB 13c24960c3f7b1913361162bc6de315c871c2752e24193df85a52a99ee8b121f
cryptsetup_2.1.0.orig.tar.gz 10.2 MiB e34b6502a8f72a5d76b0dc25349612c83e81d6d7d59a3feda50d66e6859f669e
cryptsetup_2.1.0-1.debian.tar.xz 98.8 KiB bd16b3309d755cb39b0db927d886b2a883e2c09bd5447a1939b6c1eee2bf65fa

No changes file available.

Binary packages built by this source