Re: Re: Help! toasted LUKS key slot

I found on the site where it explained why they don't make it easy.  I'm
glad they at least explain how to do it anyway.  The idea of revoking a
keyslot always sounded a little like wishful thinking to me.  All it would
take is for the bad guy to have run that dd command to sneak off with the
old headers before you revoked his slot, then he could come back, swap his
in, do bad things, and swap his back out.  If I ever need to revoke a
keyslot, I'll just re-luks the partition with a fresh master key and restore
a backup of my data into the new container.  I'm glad the dd trick worked
for Sebastian.  That's some hot water to be in!

On 3/7/07, Jan Reusch <jreusch@xxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a comment from Clemens on this list why LUKS doesn't have
such a function.
I think it's also on the LUKS page.

Billy Crook wrote:
> It would be nice if LUKS had an easy header backup function like
> TrueCrypt does.
>
> On 3/7/07, Sebastian Bork <bork@xxxxxxxxxxxxxxxx> wrote:
>> To update you about my troubles ... if someone is interested at all:
>>
>> I did it! By assembling an array md0 of one disk (snapshot of the data,
>> but some weeks old), activating vg0, copying 132096 bytes from the
>> beginning of /dev/vg0/crypt on a USB stick, booting into an initrd
>> shell, copying those 132096 bytes to the beginning of the volume
>> containing the up-to-date data and then using cryptsetup luksOpen I
>> managed to decrypt the master key (which was in the data copied) and to
>> open the volume. A vgchange -a y vg1 later I had all my logical volumes
>> back, with the up-to-date data, not the stuff that was weeks old.
>>
>> Now I need some sleep. And after that a better backup concept. Thank you
>> for listening.
>>
>> ---------------------------------------------------------------------
>> dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
>> To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
>> For additional commands, e-mail: dm-crypt-help@xxxxxxxx
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF7utQBpRI6A8tC0MRAjgJAKCl024RT9i6FxvXgv6RbHTGIF361wCeJ2Xc
zmLI+smwsj6SeQlrByUQz4g=
=hnrY
-----END PGP SIGNATURE-----
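
An added example, not part of the original thread and not cryptsetup's own code: a Python parser for the LUKS1 on-disk header that reports where each key slot lives and how many leading bytes of the device a header copy has to cover. That same region is what a stale copy preserves, which is why an old header plus an old passphrase still yields the master key. The sample header is constructed; its 256-bit key, 4000 stripes and 8-sector slot alignment are assumptions, chosen so that slot 0 ends at byte 132096, and the thread does not say which layout Sebastian's volume used.

```python
import struct

SECTOR = 512
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD   # LUKS1 key-slot state markers
# Big-endian LUKS1 header: magic, version, cipher name, cipher mode, hash spec,
# payload offset (sectors), key bytes, MK digest, digest salt, digest iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")     # 208 bytes
# Key slot: state, iterations, salt, key-material offset (sectors), stripes.
SLOT = struct.Struct(">II32sII")                      # 48 bytes, 8 slots follow PHDR

def ceil_div(a, b):
    return -(-a // b)

def luks1_layout(header):
    """Return payload offset and key-slot extents, all in bytes."""
    if len(header) < PHDR.size + 8 * SLOT.size:
        raise ValueError("need at least 592 bytes of header")
    fields = PHDR.unpack_from(header)
    if fields[0] != b"LUKS\xba\xbe" or fields[1] != 1:
        raise ValueError("not a LUKS1 header")
    payload, key_bytes = fields[5], fields[6]
    slots = []
    for i in range(8):
        state, _, _, km_off, stripes = SLOT.unpack_from(header, PHDR.size + i * SLOT.size)
        start = km_off * SECTOR
        end = start + ceil_div(key_bytes * stripes, SECTOR) * SECTOR
        slots.append({"slot": i, "active": state == SLOT_ACTIVE, "start": start, "end": end})
    return {"key_bytes": key_bytes, "payload_offset": payload * SECTOR, "slots": slots}

def backup_length(layout):
    """Leading bytes of the device that cover the header and every key slot."""
    return max([layout["payload_offset"]] + [s["end"] for s in layout["slots"]])

def make_sample_header(key_bytes=32, stripes=4000, align=8):
    """Constructed header for the demo; every layout value here is an assumption."""
    per_slot = ceil_div(ceil_div(key_bytes * stripes, SECTOR), align) * align
    payload = align + 8 * per_slot
    hdr = PHDR.pack(b"LUKS\xba\xbe", 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                    payload, key_bytes, b"\0" * 20, b"\0" * 32, 10, b"constructed-uuid")
    for i in range(8):
        state = SLOT_ACTIVE if i == 0 else SLOT_DISABLED
        hdr += SLOT.pack(state, 1000, b"\0" * 32, align + i * per_slot, stripes)
    return hdr

if __name__ == "__main__":
    layout = luks1_layout(make_sample_header())
    print("bytes to copy for a full header backup:", backup_length(layout))
    for s in layout["slots"]:
        print(s)
```

On a real volume, pass the first 592 bytes read from the device to `luks1_layout`; cryptsetup versions that provide `luksHeaderBackup` perform the copy itself.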

