Cryptsetup 2.0.3 Release Notes
==============================
Stable bug-fix release with new features.

Cryptsetup 2.x version introduces a new on-disk LUKS2 format.

The legacy LUKS (referenced as LUKS1) will be fully supported
forever as well as a traditional and fully backward compatible format.

Please note that authenticated disk encryption, non-cryptographic
data integrity protection (dm-integrity), use of Argon2 Password-Based
Key Derivation Function and the LUKS2 on-disk format itself are new
features and can contain some bugs.

To provide all security features of authenticated encryption, we need
a better nonce-reuse resistant algorithm in the kernel (see note below).
For now, please use authenticated encryption as an experimental feature.

Please do not use LUKS2 without properly configured backup or in
production systems that need to be compatible with older systems.

Changes since version 2.0.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Expose interface to unbound LUKS2 keyslots.
  An unbound LUKS2 keyslot allows storing key material that is
  independent of the master volume key (it is not bound to the
  encrypted data segment).

* New API extensions for unbound keyslots (LUKS2 only):
  crypt_keyslot_get_key_size() and crypt_volume_key_get().
  These functions allow one to get the key and key size for unbound
  keyslots.

* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).

* Add --unbound keyslot option to the cryptsetup luksAddKey command.

* Add crypt_get_active_integrity_failures() call to get the integrity
  failure count for dm-integrity devices.

* Add crypt_get_pbkdf_default() function to get the per-type PBKDF
  default setting.

* Add new flag to crypt_keyslot_add_by_key() to force an update of the
  device volume key. This call is mainly intended for a wrapped key
  change.

* Allow storing the volume key in a file with cryptsetup.
  The --dump-master-key option together with --master-key-file allows
  cryptsetup to store the binary volume key in a file instead of
  writing it to standard output.

* Add detached header support to the cryptsetup-reencrypt command.

* Fix VeraCrypt PIM handling - use the proper iterations count formula
  for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.

* Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).

* Add --with-default-luks-format configure time option.
  (Option to override the default LUKS format version.)

* Fix LUKS version conversion for detached (and trimmed) LUKS headers.

* Add luksConvertKey cryptsetup command that converts a specific
  keyslot from one PBKDF to another.

* Do not allow conversion to LUKS2 if a LUKSMETA (external tool
  metadata) header is detected.

* More cleanup and hardening of LUKS2 keyslot specific validation
  options. Add more checks for cipher validity before writing metadata
  on-disk.

* Do not allow LUKS1 version downconversion if the header contains
  tokens.

* Add "paes" family ciphers (AES wrapped key scheme for mainframes)
  to allowed ciphers.
  Specific wrapped key configuration logic must be done by a 3rd party
  tool; LUKS2 stores only keyslot material and allows activation of the
  device.

* Add support for the --check-at-most-once option (kernel 4.17) to
  veritysetup.
  This flag can be dangerous; if you can control the underlying device
  (you can change its content after it was verified), it will no longer
  prevent reading tampered data, and it also does not prevent silent
  data corruptions that appear after the block was once read.

* Fix return code (EPERM instead of EINVAL) and retry count for bad
  passphrase on non-tty input.

* Enable support for FEC decoding in veritysetup to check dm-verity
  devices with additional Reed-Solomon code in userspace (verify
  command).

Unfinished things & TODO for next releases
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* There will be better documentation and examples (planned for 2.0.4).

* There will be some more formal definition of the threat model for
  integrity protection. (And a link to some papers discussing integrity
  protection, once it is, hopefully, accepted and published.)

* Authenticated encryption will use new algorithms from the CAESAR
  competition https://competitions.cr.yp.to/caesar-submissions.html.
  We plan to use AEGIS and MORUS, as CAESAR finalists.

  NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
  in the kernel have 96-bit nonces, which are too small and problematic
  with randomly generated IVs (the collision probability is not
  negligible).

* Authenticated encryption does not set encryption for a dm-integrity
  journal.

  While it does not influence data confidentiality or integrity
  protection, an attacker can get some more information from the data
  journal or cause the system to corrupt sectors after journal replay.
  (That corruption will be detected though.)

* There are examples of user-defined tokens inside the
  misc/luks2_keyslot_example directory (like a simple external program
  that uses libssh to unlock LUKS2 using a remote keyfile).

* The python binding (pycryptsetup) contains only basic functionality
  for LUKS1 (it is not updated for new features) and will be REMOVED in
  version 2.1 in favor of python bindings to the libblockdev library.
  See https://github.com/storaged-project/libblockdev/releases/tag/2.17-1
  that already supports LUKS2 and VeraCrypt devices handling through
  libcryptsetup.
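
The NOTE on 96-bit nonces, worked through as an added example (not part of the cryptsetup release notes): it evaluates the birthday bound for randomly generated nonces, assuming one fresh random nonce per sector write under a single key. The 2^-32 risk limit, the sector sizes and the 128-bit comparison value are assumptions chosen for illustration.

```python
import math

NONCE_BITS = 96  # nonce size of the kernel GCM / ChaCha20-Poly1305 modes in the NOTE
RISK_LIMIT = 2.0 ** -32  # assumed threshold: NIST SP 800-38D bound for IV repetition


def collision_probability(writes: int, nonce_bits: int = NONCE_BITS) -> float:
    """Birthday bound: chance that any two of `writes` random nonces are equal."""
    if writes < 2:
        return 0.0
    # p = 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision when p is tiny.
    return -math.expm1(-(writes * (writes - 1)) / 2.0 ** (nonce_bits + 1))


def writes_until(probability: float, nonce_bits: int = NONCE_BITS) -> int:
    """Approximate number of sector writes at which the bound reaches `probability`."""
    # Invert the bound: n(n-1) = -2^(bits+1) * ln(1 - p), then solve the quadratic.
    target = -(2.0 ** (nonce_bits + 1)) * math.log1p(-probability)
    return math.ceil((1 + math.sqrt(1 + 4 * target)) / 2)


def bytes_until(probability: float, sector_size: int, nonce_bits: int = NONCE_BITS) -> int:
    """Data volume written under one key before the bound reaches `probability`."""
    return writes_until(probability, nonce_bits) * sector_size


def report() -> list:
    """One line per (nonce size, sector size) pair for the assumed risk limit."""
    lines = []
    for bits in (96, 128):           # 96 from the NOTE; 128 is a comparison value
        for sector in (512, 4096):   # assumed encryption sector sizes
            tib = bytes_until(RISK_LIMIT, sector, bits) / 2 ** 40
            lines.append(f"{bits}-bit nonce, {sector}-byte sectors: "
                         f"{tib:,.1f} TiB written before p >= 2^-32")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Rewrites count as well as first writes, so a busy volume reaches the limit long before its capacity suggests.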