Dirk Heinrichs wrote: > louisa ~ # cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/evms/test > > WARNING! > ======== > This will overwrite data on /dev/evms/test irrevocably. > > Are you sure? (Type uppercase yes): YES > Enter LUKS passphrase: > Verify passphrase: > Command successful. > louisa ~ # dd if=/dev/urandom of=/etc/crypt/keyfile count=1 > 1+0 records in > 1+0 records out > 512 bytes (512 B) copied, 0.000189 seconds, 2.7 MB/s > louisa ~ # cryptsetup luksAddKey /dev/evms/test /etc/crypt/keyfile > Enter any LUKS passphrase: > Verify passphrase: > key slot 0 unlocked. > Command successful. Thanks for the reply. I understand down to this point. What I don't understand is the next two steps, with the -d option. How does this enable slot 2 with a passphrase and why use the keyfile again? I also don't understand, above, how the keyfile gets encrypted. > louisa ~ # cryptsetup -d /etc/crypt/keyfile luksOpen /dev/evms/test c-test > key slot 1 unlocked. > Command successful. > louisa ~ # cryptsetup -d /etc/crypt/keyfile luksAddKey /dev/evms/test > key slot 1 unlocked. > Enter new passphrase for key slot: > Verify passphrase: > Command successful. > louisa ~ # cryptsetup luksDump /dev/evms/test > LUKS header information for /dev/evms/test [snip] > As you see there, I have now 3 key slots enabled, one can be unlocked with > the keyfile (1), the others (0, 2) can be unlocked with a passphrase. It > doesn't matter which one you provide, you only need to be able to unlock > one of those three slots. Thanks for the patience! John --------------------------------------------------------------------- - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
