Re: LUKS2 resizing


 



On 12/18/2017 10:30 AM, Ondrej Kozina wrote:
> On 12/14/2017 08:22 PM, Andrius Štikonas wrote:
>> So if I understand correctly it will never ask for passphrase in LUKS1
>> case but it will always ask in LUKS2 case.
>
> Not always for every LUKS2 device. It will always ask for a passphrase
> if the volume key is passed via kernel keyring (hence the cryptsetup
> status cmd for detection).
>
> LUKS1 devices don't use kernel keyring for volume key (backward
> compatibility).
>
> LUKS2 devices use kernel keyring for volume key by default, but user may
> have overridden the default by --disable-keyring option during
> cryptsetup open command.


And don't forget that not every kernel has dm-crypt kernel keyring support available. We detect the dm-crypt version at runtime, so you may encounter LUKS2 devices with a hexbyte key in the dm table directly, especially in enterprise or more conservative distributions. I'd recommend sticking with the cryptsetup status cmd for detection though.

O.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
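
The detection recommended in the message above, as an added example that is not part of the original thread or of the cryptsetup project: it reads the text of `cryptsetup status <name>` on stdin and reports whether the volume key sits in the kernel keyring, instead of guessing from the LUKS version. The function names, the mapping name `demo` and the sample outputs are constructed for illustration; it assumes the `key location:` line that cryptsetup 2.x prints in its status output.

```shell
#!/bin/sh
# Added example: classify where dm-crypt holds the volume key, from the text
# of `cryptsetup status <name>` read on stdin.
# Prints: keyring | dm-crypt | inactive | unknown
key_location() {
    loc=unknown
    while IFS= read -r line; do
        case "$line" in
            *"key location:"*)
                value=$(printf '%s' "${line#*key location:}" | tr -d ' \t')
                case "$value" in
                    keyring|dm-crypt) loc=$value ;;
                esac ;;
            *" is inactive"*)
                if [ "$loc" = unknown ]; then loc=inactive; fi ;;
        esac
    done
    printf '%s\n' "$loc"
}

# Exit status: 0 = key in kernel keyring, resize will ask for a passphrase
#              1 = key in the dm table, no passphrase prompt expected
#              2 = cannot tell (inactive mapping or no "key location" line)
resize_needs_passphrase() {
    case "$(key_location)" in
        keyring)  return 0 ;;
        dm-crypt) return 1 ;;
        *)        return 2 ;;
    esac
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_KEYRING='/dev/mapper/demo is active.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device:  /dev/sdX1'
# LUKS2 opened with --disable-keyring, or a kernel without keyring support.
SAMPLE_DMCRYPT='/dev/mapper/demo is active.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: dm-crypt
  device:  /dev/sdX1'

# Real use (hypothetical mapping name "demo"):
#   cryptsetup status demo | resize_needs_passphrase
```

Treat exit status 2 as "be ready to prompt": a status output without a `key location:` line gives no basis for assuming either case.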



