First I would like to thank you all for the efforts that you have put
into disk encryption. It is really a pleasure to use!
Here my scenario (using cryptsetup 1.0.6 in Ubuntu 9.04):
luksAddKey allows to add the same key (e.g. "abc") twice in different slots.
luksDump output:
...
Key Slot 0: ENABLED
...
Key Slot 1: ENABLED
...
luksRemoveKey: Fails since all passphrases are equal
root@asus:~# cryptsetup luksRemoveKey /dev/sdb1
Enter LUKS passphrase to be deleted:
key slot 0 selected for deletion.
Enter any remaining LUKS passphrase:
No remaining key available with this passphrase.
Command failed.
luksKillSlot: Allows me to purge a specific slot
root@asus:~# cryptsetup luksKillSlot /dev/sdb1 1
Enter any remaining LUKS passphrase:
key slot 1 verified.
Command successful.
Is this the desired behavior of luksRemoveKey in case of duplicate keys?
In both cases cryptsetup asks the same question "Enter any remaining
LUKS passphrase:".
In one case the passphrase is accepted ("luksKillSlot"), in the other
case ("luksRemoveKey") it is rejected.
Why wasn't the original interface sufficient that only knew luksAddKey
and luksDelKey? I couldn't find anything useful on this topic using Google.
Regards, Peter.
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
