Hello For a project I have to make a linux distro available as a Vmware Appliance. It's a project where this linux will store confidential data. As of using Vmware, it means that everybody which has access to the datastore of Vmware could load the disk image, then read it. Which would lead to a major privacy breach. I want to avoid it. So, I think I will use disk encryption. But then raise a problem: dm-crypt uses two sort of key: Users-key (8) and crypto-key (1) The users key open the disk. Those keys are not a problem and could be changed easily (thanks to Luks extension) But every people I give the appliance will have the crypto key which crypt and decrypt data. So, as a security point of view, it's not acceptable. I can imagine a people using the appliance, get the crypto key, get another disk, and use it on that disk. So my question is: Is there a way to change the crypto-key? (Which would involve a complete re-encryption of disk, but it's not a problem, because it would happen once at first boot only). I hope I was clear (english is not my native language). Thank you for help Le plaisir de la dermato cosmétique naturelle http://www.terrahumana.fr _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
