Unable to dump header with --dump-master-key

I am playing around and learning about LUKS encryption on CentOS, so I
installed CentOS 7 with the /home partition encrypted.

I am trying to dump the header with the master key for safekeeping in
case I forget the passphrase or the header becomes corrupt (more to
learn about how it works and what the header looks like).

Here is the command I am using which I got from
https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#6-backup-and-data-recovery:

[root@testmachine1 ~]#  cryptsetup --dump-master-key luksDump /dev/dm-2

WARNING!
========
Header dump with volume key is sensitive information
which allows access to encrypted partition without passphrase.
This dump should be always stored encrypted on safe place.

Are you sure? (Type uppercase yes): yes
[root@testmachine1 ~]#

As you can see, I cannot get any output. If I remove the
--dump-master-key I can see the header. Here is the output without
--dump-master-key:

[root@testmachine1 ~]#  cryptsetup luksDump /dev/dm-2
LUKS header information for /dev/dm-2

Version:       1
Cipher name:   aes
Cipher mode:   xts-plain64
Hash spec:     sha1
Payload offset: 4096
MK bits:       512
MK digest:     <removed by me :) >
MK salt:       <removed by me>
MK iterations: 40500
UUID:           3d499ed2-0c01-463a-ba3e-2cd306b22f7d

Key Slot 0: ENABLED
Iterations:         163264
Salt:               <removed by me>
Key material offset: 8
AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

I can get the unencrypted key using this command:

[root@testmachine1 ~]# dmsetup table --target crypt --showkey
/dev/mapper/luks-3d499ed2-0c01-463a-ba3e-2cd306b22f7d
0 409595904 crypt aes-xts-plain64 <I can see the key here> 0 253:2 4096

Regards
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
