====== Crypto ======

Setup crypted Partition

You can use a cryptfile, but a partition is more comfortable than a 20gb file and more stable.

Commands - modern encryption - Android 6:

  openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > /dev/mmcblk0_foo

  cryptsetup -c aes-xts-plain64 --key-size 512 --hash sha512 -y luksFormat /dev/mmcblk0p2  
  cryptsetup luksOpen /dev/mmcblk0p2 sdhome
  mkfs.ext4 -j -m 1 -O dir_index,filetype -L homecrypt /dev/mapper/sdhome 


Old android:

On a Android 4.0 device i used these settings, because the kernel does not support the cipher above:

  cryptsetup luksDump ...
  
  Cipher name:    twofish
  Cipher mode:    cbc-plain
  Hash spec:      sha1
  
This works, too:

  cryptsetup -c aes-cbc-essiv:sha256 --hash sha256  -y luksFormat /dev/mmcblk0p2


Test:
  mount /dev/mapper/sdhome /mnt/sd/
  # cop< stuff ..
  umount /mnt/sd
  cryptsetup luksClose /dev/mapper/sdhome
  # retry

Mount the partition in linux bootscript:

  busybox mkdir $chrootdir/dev/block/
  busybox -o bind /dev/block/ /$chrootdir/dev/block
  
Then inside the chroot, it can be mounted
  cryptsetup luksOpen /dev/block/mmcblk0p2 sdhome
  mount /dev/mapper/home /mnt/sd