On 01/16/2013 09:19 PM, Arno Wagner wrote: > Come to think of it, here is a very dirty way to do this: > Have the people accessing this map the old container (header+ > keyslot area is enough, use, e.g. a loop file), then read the > master key (see FAQ) and use that in a script to open your > second (new) container. And what to do if the master key is longer for the new container? No, really, LUKS is a simple standard for a reason :) The master key in keyslot is always encrypted with the same algorithm as the data. cryptsetup-reencrypt requires entering all passphrases or alternatively use only one (destroying others) and allow add them later. Surely we can create some "hack" script, but then I would expect people doing this exactly understand (not only security) consequences. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
