Generate `fscrypt.conf` with Adiantum as the encryption mode
crodjer opened this issue · comments
Rohan Jain commented
I am working on setting up some automation on my Raspberry Pis and would like to use Adiantum
within /etc/fscrypt.conf
when hardware AES isn't available.
I had a couple of queries:
- Is there a way to generate the initial configuration with
Adiantum
? - If not, is it okay if I continue to use the same
hash_costs
calculation and edit my options after the setup via Ansible?
Eric Biggers commented
The fscrypt setup
command does not provide an option to customize the encryption algorithm, but you can just edit /etc/fscrypt.conf
afterwards as follows:
"contents": "Adiantum",
"filenames": "Adiantum",
You do not need to change anything in "hash_costs"
.
Rohan Jain commented
Thanks for the very prompt response @ebiggers, that's what I have been using in my ansible playbook. As long as hash costs calculation is independent this works for me.