Re: Detached headers, multiple drives and UUIDs

On 10 Apr 2017 22:53 +0200, from 7heo@xxxxxxxx (7heo):
> My question regarding this was to know whether it was possible to
> automatically generate temporary derived headers from a "main
> header" (as source). Whether in RAM or as files in a ramdisk (or
> else). That way there is no necessity to manually manage a bunch of
> redundant information.

At this point, I have to ask: Is there any particular reason why you
are trying to make this work with LUKS? It almost sounds like you want
encrypted storage, but you don't really want what LUKS headers add,
and you don't seem to want anything on-disk that is recognizable as
being LUKS.

Specifically, why not just use plain dm-crypt devices?

Then the device itself is guaranteed to not ever contain any
recognizable metadata (you can't even _make_ it contain recognizable
metadata), and you can store that metadata (mainly the cipher settings
and passphrase for master key derivation or the master key itself)
however you prefer.

You can even have a small LUKS container that holds files with
high-grade random data that are used as keys for the dm-crypt devices,
one per encrypted device. That would have the added benefit (or
drawback, depending on your threat model) of allowing a single unlock
operation to enable access to all encrypted devices.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
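
The layout suggested in the message above, sketched as an added example (not part of the original post and not code from the cryptsetup project): a small LUKS keystore unlocked once, then one plain dm-crypt mapping per device, each keyed from its own file. The device paths, mapping names, mount point, the filesystem inside the keystore, and the choice of aes-xts-plain64 with a 512-bit key are all assumptions.

```shell
#!/bin/sh
# Added example. Assumed names (not from the post): keystore device and mount
# point, the device table, and the cipher/key size chosen below.
KEYSTORE_DEV=${KEYSTORE_DEV:-/dev/disk/by-partlabel/keystore}  # small LUKS container
KEYSTORE_MNT=${KEYSTORE_MNT:-/run/keystore}
CIPHER=aes-xts-plain64   # plain mode records nothing on disk: pin these yourself
KEY_BITS=512
DRY_RUN=${DRY_RUN:-1}    # 1 = only print the commands

# Constructed device table: "<block device> <mapping name>", one per line.
DEVICES='/dev/sdb data1
/dev/sdc data2'

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# A key file must hold exactly KEY_BITS/8 bytes: with --key-file, plain mode
# takes the key straight from the file content (no passphrase hashing).
key_ok() {  # $1 = key file
    [ -f "$1" ] && [ $(wc -c < "$1") -eq $((KEY_BITS / 8)) ]
}

# Create one random key file inside the (already mounted, writable) keystore.
make_key() {  # $1 = mapping name
    ( umask 077
      run dd if=/dev/urandom of="$KEYSTORE_MNT/$1.key" bs=$((KEY_BITS / 8)) count=1 )
}

# The single unlock operation: open the LUKS keystore (one passphrase prompt).
open_keystore() {
    run cryptsetup open --type luks "$KEYSTORE_DEV" keystore &&
    run mkdir -p "$KEYSTORE_MNT" &&
    run mount -o ro /dev/mapper/keystore "$KEYSTORE_MNT"
}

# Map every plain dm-crypt device with its own key file.
open_all() {
    echo "$DEVICES" | while read -r dev name; do
        if [ "$DRY_RUN" != 1 ] && ! key_ok "$KEYSTORE_MNT/$name.key"; then
            echo "bad or missing key for $name" >&2; continue
        fi
        run cryptsetup open --type plain --cipher "$CIPHER" --key-size "$KEY_BITS" \
            --key-file "$KEYSTORE_MNT/$name.key" "$dev" "$name"
    done
}

if [ "${1:-}" = unlock ]; then open_keystore && open_all; fi
```

Because a plain dm-crypt device carries no header, the cipher and key size used at creation exist only in this script; opening with different values yields a mapping that reads as garbage rather than an error.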



