On 2018-02-16 02:34, Arno Wagner wrote: > Hi Mikhail, > > 1. The offset is not protected, You can just edit it. > FAQ item 6.12 should give you an idea where the > repective number is. > > The FAQ is here: > https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions > > 2. Best make a regular container, and then remove the > header by copying it out and zeroing where it was. > You can make a new header with the same master-key > for your existing container when you have shifted the > data, see FAQ item 6.10. You may have to correct > the offsets for the IVs though. > > It is much easier to get a second disk and copy everything > over to the format you want. And you need backup anyways > (FAQ Item 6.1), so you can just do a backup and then > restore into a new LUKS container. (You have backup, right?) > > 3. Essentially yes, but there is some alignment. Best way to > be sure is to create a new LUKS container and check the values > there. Can be done iin a file, say 100M in size, as LUKS > on-disk format does not care about device size. > See FAQ Item 2.6 > > 4. Maybe. Depends on the offset calculation for IVs. > I think they are relative to the start of the data area, but > they may be relative to the start of the header. Since LUKS > generally has a very sane design, I would expect the former, > but I do not actually know. > > Regards, > Arno > > On Fri, Feb 16, 2018 at 01:33:29 CET, Mikhail Morfikov wrote: >> I have a few question concerning the detached headers. >> >> 1. Is there a way to change data offset? I'm asking because the detached header >> has the data offset set to 0 (if I'm reading it right): >> >> ... >> Data segments: >> 0: crypt >> offset: 0 [bytes] >> length: (whole device) >> ... >> >> And if I just placed the header in front of the encrypted container, it would >> give some error: "Reduced data offset is allowed only for detached LUKS header". >> So this data offset should be changed somehow in order to make the header work. >> >> 2. Is there a way to set the data offset during the creation time of the >> encrypted container? I really thought that when the header is detached, some >> zeroes (or something else) is written to the header's area. Is such case, it >> wouldn't be a problem to attach the header to the encrypted container. >> >> 3. The header is 4 MiB in size, so the data offset should be 4 MiB, right? >> >> 4. I have 2 GiB of free space at the beginning of the drive (just in case of >> creating a /boot/ partition for this disk), so there's no problem with enlarging >> the main partition. Would it work if I resized the partition (+4 MiB for the >> header), and then create a normal LUKS header with the key extracted from the >> detached header? >> >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@xxxxxxxx >> http://www.saout.de/mailman/listinfo/dm-crypt > Yes, I think it will be better to copy everything to some other disk and then recreate the container with a new header attached to it. And yes, in the future I will always create a container with it's header and then detach the header if needed because it's a way easier to handle such containers. Anyways, I'm gonna make a test container and see how reattaching the heder works in practice because I don't really want to loose the data on my disk, and I want to know what happens when such header is reattached. :) _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
