cryptsetup FAQ section 6.10, master keys and cryptsetup-reencrypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I was poking around the cryptsetup FAQ, mostly out of idle curiosity,
and noticed that section 6.10 (How do I recover the master key from a
mapped LUKS container?) states that

> Changing the master key requires a full data backup, luksFormat and
> then restore of the backup.

But as far as I understand it, this isn't the case any longer;
https://gitlab.com/cryptsetup/cryptsetup/commits/master/src/cryptsetup_reencrypt.c
says that cryptsetup-reencrypt was born in mid-2012, and my
understanding is that changing the master key is one of the major use
cases for cryptsetup-reencrypt (the other being to change from one
cipher or set of cipher settings to another).

Isn't it time that the FAQ is updated to at least point out the
existence of cryptsetup-reencrypt?

A backup would still very much be advised, but unless I'm mistaken,
changing the master key is now merely an offline operation rather than
a luks(re)Format operation.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt




[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux