On 12/14/2017 08:22 PM, Andrius Štikonas wrote:
So if I understand correctly it will never ask for passphrase in LUKS1 case but it will always ask in LUKS2 case.
Not always for every LUKS2 device. It will always ask for a passphrase if the volume key is passed via kernel keyring (hence the cryptsetup status cmd for detection).
LUKS1 devices doesn't use kernel keyring for volume key (backward compatibility)
LUKS2 devices use kernel keyring for volume key by default, but user may have overridden the default by --disable-keyring option during cryptsetup open command.
Regards Ondrej _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
