Na}{

File Content: `v1.3.0-ReleaseNotes`

Cryptsetup 1.3.0 Release Notes
==============================

Changes since version 1.2.0

Important changes
~~~~~~~~~~~~~~~~~
 * Several userspace crypto backends support

   cryptsetup now supports generic crypto backend interface which allows
   compile package with various crypto libraries, these are already implemented:

   * gcrypt (default, used in previous versions)
   * OpenSSL
   * NSS (because of missing ripemd160 it cannot provide full backward compatibility)
   * kernel userspace API (provided by kernel 2.6.38 and above)
     (Note that kernel userspace backend is very slow for this type of operation.
      But it can be useful for embedded systems, because you can avoid userspace
      crypto library completely.)

   Backend is selected during configure time, using --with-crypto_backend option.

   configure --with-crypto_backend=BACKEND (gcrypt/openssl/nss/kernel) [gcrypt]

   Note that performance checked (iterations) in LUKS header will cause that
   real iteration time will differ with different backends.
   (There are huge differences in speed between libraries.)

 * Cryptsetup now automatically allocates loopback device (/dev/loop) if device
   argument is file and not plain device.

   This require Linux kernel 2.6.25 and above (which implements loop autoclear flag).

   You can see backing file in cryptsetup status output if underlying device is loopback.

 * Introduce maximum default keyfile size, add configure option, visible in --help.

   Cryptsetup now fails if read from keyfile exceeds internal limit.
   You can always specify keyfile size (overrides limit) by using --keyfile-size option.

 * Adds luksChangeKey command

    cryptestup luksChangeKey --key-file <old keyfile> <new keyfile> [--key-slot X] 
    cryptestup luksChangeKey [--key-slot X]  (for passphrase change)

   This command allows passphrase/keyfile change in one step. If no key slot is
   specified (and there is still free key slot on device) new slot is allocated before
   the old is purged.

   If --key-slot option is specified (or there is no free slot) command will overwrite
   existing slot.
   WARNING: Be sure you have another slot active or header backup when using explicit
            key slot (so you can unlock the device even after possible media failure).

 * Adds compatible support for loop-AES encryption type in loopaesOpen command.

   Linux dm-crypt in 2.6.38 and above supports loop-AES compatible mapping
   (including multi-key and special CBC mode, all three modes are supported).

   If you have raw loop-AES keyfile (text file with uuencoded per-line keys), you can
   access loop-AES volume using
     cryptsetup loopaesOpen <device> <name> [--key-size 128] --key-file <key-file>

   If you are using GPG encrypted keyfile
     gpg --decrypt <key-file> | cryptsetup loopaesOpen --key-file=- <device> <name>

   Do not forget to specify key size. Version and hash is automatically detected
   according to number of lines in key file. For special configuration you can
   override IV sector offset using --skip option, device offset with --offset
   and hash algorithm using --hash, see man page for details.

   Please note that loopAES dm-crypt mode is provided for compatibility reasons
   (so you do not need to patch kernel and util-linux to map existing volumes)
   but it is not, and never will be, optimized for speed.
   It is experimental feature for now.

 * Require the whole key read from keyfile in create command (regression in 1.2.0).

 * WARNING: This is the last cryptsetup release which supports library with
            old API (using struct crypt_options).
            These calls are deprecated since 1.1.0 and AFAIK no application
            is using it in recent distros. Removing compatible code will allow
            new features to be implemented easily.

Other changes
~~~~~~~~~~~~~
 * Lock memory also in luksDump command.
 * Fix return code when passphrase is read from pipe.
 * Increase libcryptsetup version (loopAES change), still fully backward compatible.
 * Fixes static build (--disable-static-cryptsetup now works properly).
 * Supports secure data flag for device-mapper ioctl (will be in 2.6.39,
   forcing kernel to wipe all ioctl buffers with possible key data).
   To enable this flag you need new device-mapper library, in LVM2 2.02.84.
 * Add copyright texts into some files and adds GPL exception allowing
   to distribute resulting binaries linked with OpenSSL.
 * Update FAQ.
 * Fix message when locking memory fails.
 * Fix luksAddKey return code if master key is used.
 * Update some text files in distributions.
 * Add docs directory with Release Notes archive.
 * Do not hardcode loopback device name in tests, use internal loopback library.

Name	Size	Permission
AUTHORS	137 bytes	0644
FAQ.md	142358 bytes	0644
v1.0.7-ReleaseNotes	2921 bytes	0644
v1.1.0-ReleaseNotes	5037 bytes	0644
v1.1.1-ReleaseNotes	1796 bytes	0644
v1.1.2-ReleaseNotes	1594 bytes	0644
v1.1.3-ReleaseNotes	482 bytes	0644
v1.2.0-ReleaseNotes	4856 bytes	0644
v1.3.0-ReleaseNotes	4751 bytes	0644
v1.3.1-ReleaseNotes	421 bytes	0644
v1.4.0-ReleaseNotes	5317 bytes	0644
v1.4.1-ReleaseNotes	889 bytes	0644
v1.4.2-ReleaseNotes	1634 bytes	0644
v1.4.3-ReleaseNotes	2363 bytes	0644
v1.5.0-ReleaseNotes	8610 bytes	0644
v1.5.1-ReleaseNotes	1295 bytes	0644
v1.6.0-ReleaseNotes	9526 bytes	0644
v1.6.1-ReleaseNotes	1041 bytes	0644
v1.6.2-ReleaseNotes	989 bytes	0644
v1.6.3-ReleaseNotes	1859 bytes	0644
v1.6.4-ReleaseNotes	2040 bytes	0644
v1.6.5-ReleaseNotes	2483 bytes	0644
v1.6.6-ReleaseNotes	1093 bytes	0644
v1.6.7-ReleaseNotes	3341 bytes	0644
v1.6.8-ReleaseNotes	2065 bytes	0644
v1.7.0-ReleaseNotes	3101 bytes	0644
v1.7.1-ReleaseNotes	1371 bytes	0644
v1.7.2-ReleaseNotes	1487 bytes	0644
v1.7.3-ReleaseNotes	811 bytes	0644
v1.7.4-ReleaseNotes	661 bytes	0644
v1.7.5-ReleaseNotes	833 bytes	0644
v2.0.0-ReleaseNotes	26631 bytes	0644
v2.0.1-ReleaseNotes	4864 bytes	0644
v2.0.2-ReleaseNotes	4171 bytes	0644
v2.0.3-ReleaseNotes	5340 bytes	0644
v2.0.4-ReleaseNotes	5018 bytes	0644
v2.0.5-ReleaseNotes	4407 bytes	0644
v2.0.6-ReleaseNotes	4264 bytes	0644
v2.1.0-ReleaseNotes	8901 bytes	0644
v2.2.0-ReleaseNotes	11884 bytes	0644
v2.2.1-ReleaseNotes	1413 bytes	0644
v2.2.2-ReleaseNotes	2151 bytes	0644
v2.3.0-ReleaseNotes	7982 bytes	0644
v2.3.1-ReleaseNotes	1770 bytes	0644
v2.3.2-ReleaseNotes	1503 bytes	0644
v2.3.3-ReleaseNotes	1396 bytes	0644
v2.3.4-ReleaseNotes	4431 bytes	0644
v2.3.5-ReleaseNotes	7419 bytes	0644
v2.3.6-ReleaseNotes	2316 bytes	0644
v2.4.0-ReleaseNotes	11885 bytes	0644
v2.4.1-ReleaseNotes	1942 bytes	0644
v2.4.2-ReleaseNotes	1375 bytes	0644
v2.4.3-ReleaseNotes	4752 bytes	0644
v2.5.0-ReleaseNotes	11549 bytes	0644
v2.6.0-ReleaseNotes	8724 bytes	0644
v2.6.1-ReleaseNotes	2112 bytes	0644
v2.7.0-ReleaseNotes	17826 bytes	0644
v2.7.1-ReleaseNotes	1146 bytes	0644
v2.7.2-ReleaseNotes	1175 bytes	0644

File Content: v1.3.0-ReleaseNotes

File Content: `v1.3.0-ReleaseNotes`