The Parameters File contains the required information to generate the key and configure a device. These files are typically generated by the -g flag and not edited by hand. When a device is configured, the default parameters file is constructed by taking the basename of the target disk and prepending /etc/cgd/ to it. E.g., if the target is /dev/sd0h, then the default parameters file will be /etc/cgd/sd0h.
It is possible to have more than one parameters file for a given disk which use different key generation methods but will generate the same key. To create a parameters file that is equivalent to an existing parameters file, use cgdconfig with the -G flag. See EXAMPLES for an example of this usage.
The parameters file contains a list of statements, each terminated with a semicolon. Some statements can contain statement-blocks, which are either a single unadorned statement or a brace-enclosed list of semicolon-terminated statements. Three types of data are understood:
integer
a 32-bit signed integer.
base64
a length-encoded base64 string.
The following statements are defined:
algorithm string
Defines the cryptographic algorithm.
iv-method string
Defines the IV generation method.
keylength integer
Defines the length of the key.
verify_method string
Defines the verification method.
keygen string statement_block
Defines a key generation method. The statement_block contains statements that are specific to the key generation method.
The keygen statement's statement block may contain the following statements:
key string
The key. Only used for the storedkey key generation method.
cmd string
The command to execute. Only used for the shell_cmd key generation method.
iterations integer
The number of iterations. Only used for pkcs5_pbkdf2/sha1 and pkcs5_pbkdf2.
salt base64
The salt. Only used for pkcs5_pbkdf2/sha1 and pkcs5_pbkdf2.
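The statement grammar and the keygen rules above can be checked mechanically when reviewing files under /etc/cgd/. The following Python sketch is an added example, not part of cgdconfig: it parses a parameters file and reports a storedkey method (the key sits in the file itself) and keygen sub-statements that the stated method does not use. The sample files, their values, the quoted-string handling and the treatment of the single-statement block form are assumptions made for illustration.

```python
import re

# Keygen sub-statements and the methods that use them, per the list above.
PBKDF2 = {"pkcs5_pbkdf2/sha1", "pkcs5_pbkdf2"}
ALLOWED = {"key": {"storedkey"}, "cmd": {"shell_cmd"},
           "iterations": PBKDF2, "salt": PBKDF2}
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')  # assumption: strings may be quoted

def parse(text):
    """Return (name, args, block) tuples; block is None for non-keygen statements."""
    toks = TOKEN.findall(text)[::-1]  # reversed, so pop() yields the next token

    def stmt():
        name, args, block = toks.pop(), [], None
        if name == "keygen":
            args.append(toks.pop())          # the key generation method
            if toks[-1] != "{":              # single unadorned statement; assumed
                return name, args, [stmt()]  # to end at that statement's semicolon
            toks.pop()
            block = []
            while toks[-1] != "}":
                block.append(stmt())
            toks.pop()
        while toks[-1] != ";":
            args.append(toks.pop())
        toks.pop()
        return name, args, block

    out = []
    while toks:
        out.append(stmt())
    return out

def audit(text):
    """List keygen findings for the text of one parameters file."""
    findings = []
    for name, args, block in parse(text):
        if name == "keygen":
            method = args[0]
            if method == "storedkey":
                findings.append("storedkey: the key itself is in this file")
            findings += [f"{sub}: not used by keygen method {method}"
                         for sub, _, _ in block
                         if method not in ALLOWED.get(sub, {method})]
    return findings

# Constructed samples; the base64 values are placeholders, not real key material.
GOOD = """algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none;
keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt Q09OU1RSVUNURUQ=; };"""
BAD = "keygen storedkey { key Q09OU1RSVUNURUQ=; iterations 39361; };"
if __name__ == "__main__":
    print(audit(GOOD), audit(BAD))
```

Truncated input (a missing semicolon or closing brace) raises IndexError rather than producing a finding.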