Arno Wagner <arno@...> writes: > > On Wed, Mar 12, 2014 at 00:16:19 CET, PePa wrote: > > I'm a big fan of dm-crypt/luks. > > I'm trying to reencode a crypto_LUKS partition from -c aes-cbc-plain -s 128 > > -h sha1 > > like this: > > cryptsetup-reencrypt -c twofish-xts-plain64 -s 512 -h sha512 -i 2000 -B 32 > > /dev/sda4 > > > > Output I'm getting: > > Device LUKS-71a94fa6-9c84-45d7-80e8-ee61be3887e0.new is too small. > > Creation of LUKS backup headers failed. > > > > On it is a Physical lvm2-volume that could be shrunken. Is it just a matter > > of doing that? How much more space is needed?? > > If you look at FAQ Item 6.2, you an see that you go from a herader > size a little over 1MB to one thet is 2MB in size. The difference > does not sound like much and is indeed not much, but it has to > be available. I shrunk the PV twice by 1 4MB extend, each time, but .new is still too small. Does that mean that the PV somehow needs to be shifted to the beginning of the luks partition? I don't want to use --reduce-device-size before I know that the PV is not occupying that area. (I do have a backup of all the data, but not of the partition as one block.) It seems like you're not recommending the use of cryptsetup-reencrypt in general. I'm happy to give it a try once I have taken all the obvious steps of doing it right. > > The --reduce-device-size of cryptsetup-reencrypt can be used to > enlarge the header by what is needed, but will just cut off the > amount the data-area gets shifted from its endm, thereby likely > damaging the filesystem in there and destroying data, or, in the > worst case, the while filesystem. > > So in theory, you could use some tool to shrink the filesystem > in the openend container and then use this option to shift and > cut the data ares. > > However, there are several high-risk operations in here that > you should under no circumstances run without a full, good > data backup. If you have that, it is a lot easier to just erase > the old container, create a new one and restore your data into > that. > > FAQ Item 6.4 discusses how to do an encrypted data backup > with tar and GPG. > > Arno Thanks for pointing to the FAQ. Peter _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
