Re: migrate luks key-slots to another luks container

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 16.01.2013 21:14, schrieb Arno Wagner:
Any reason why you want to change the cipher? After all, you can
not enlarge the key and keep the keyslots.

As to size, just enlarge the partition. Offset, I don't know,
but if you do not need to keep any data, just changing the
repective fiels in the header should do it. But is there really
any reason to change the offset?

The motivation behind this is because I'd like to migrate the data to another system using a different raid layout. To ensure correct data alignment with the new stripe size, I need to change the payload-offset using --align-payload. Besides, I'd like to change cipher from aes-cbc-essiv:sha256 to aes-xts-plain. (Key size is 256 bit on both.)

The source system is currently mounted, so my plan is to create a new luks container (preferrably using the same keyslots) and then just rsync the data.

Cheers,
--leo

On Wed, Jan 16, 2013 at 08:57:47PM +0100, Alexander 'Leo' Bergolth wrote:
Am 16.01.2013 19:50, schrieb .. ink ..:
    Is it possible to move the passphrases from one luks container to a new
    one with different cipher, size and payload offset? (There is currently
    no data on the new container, I just want to keep the old passphrases.)

any reason why you dont want to just add those old passphrases to the
new container using "luksAddKey"?

I'd like to transfer the key-slots so that the same passphrases can
be used to unlock them.
I don't know the passphrases. (Just one of them.)

Cheers,
--leo
--
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax      ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt



--
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax      ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt


[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux