Hi Mikhail, 1. The offset is not protected, You can just edit it. FAQ item 6.12 should give you an idea where the repective number is. The FAQ is here: https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions 2. Best make a regular container, and then remove the header by copying it out and zeroing where it was. You can make a new header with the same master-key for your existing container when you have shifted the data, see FAQ item 6.10. You may have to correct the offsets for the IVs though. It is much easier to get a second disk and copy everything over to the format you want. And you need backup anyways (FAQ Item 6.1), so you can just do a backup and then restore into a new LUKS container. (You have backup, right?) 3. Essentially yes, but there is some alignment. Best way to be sure is to create a new LUKS container and check the values there. Can be done iin a file, say 100M in size, as LUKS on-disk format does not care about device size. See FAQ Item 2.6 4. Maybe. Depends on the offset calculation for IVs. I think they are relative to the start of the data area, but they may be relative to the start of the header. Since LUKS generally has a very sane design, I would expect the former, but I do not actually know. Regards, Arno On Fri, Feb 16, 2018 at 01:33:29 CET, Mikhail Morfikov wrote: > I have a few question concerning the detached headers. > > 1. Is there a way to change data offset? I'm asking because the detached header > has the data offset set to 0 (if I'm reading it right): > > ... > Data segments: > 0: crypt > offset: 0 [bytes] > length: (whole device) > ... > > And if I just placed the header in front of the encrypted container, it would > give some error: "Reduced data offset is allowed only for detached LUKS header". > So this data offset should be changed somehow in order to make the header work. > > 2. Is there a way to set the data offset during the creation time of the > encrypted container? I really thought that when the header is detached, some > zeroes (or something else) is written to the header's area. Is such case, it > wouldn't be a problem to attach the header to the encrypted container. > > 3. The header is 4 MiB in size, so the data offset should be 4 MiB, right? > > 4. I have 2 GiB of free space at the beginning of the drive (just in case of > creating a /boot/ partition for this disk), so there's no problem with enlarging > the main partition. Would it work if I resized the partition (+4 MiB for the > header), and then create a normal LUKS header with the key extracted from the > detached header? > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
