Hi, I just played a little bit with the LUKS2 online reencryption feature (using code from current master). Works great (as far as I can tell) for clear key (i.e. AES cipher), but it fails for the wrapped key cipher PAES. It fails because it always generates a new volume key by random, regardless which cipher is used. For the PAES cipher, a key generated by random wont work, such a key must be generated by the HSM. For 'cryptsetup luksFormat' we use it with a key generated outside of cryptsetup, passing the key via --master-key-file (together with --key-size). To make 'cryptsetup reencrypt' work with PAES, we would also need to pass in the new key via --master-key-file (and --key-size). Unfortunately, the reencrypt action does not use the master key file option. Function action_reencrypt() calls crypt_keyslot_add_by_key() which then calls crypt_keyslot_add_by_key() but passes NULL as volume key. Thus a new randomly generated key is used. If the key specified with the master key file options would be passed here, it should work with the PAES cipher also. This would not only be beneficial for PAES, but also for clear key AES cipher, allowing to use a specified key as volume key (like with luksFormat). If I try to use 'cryptsetup reencrypt' with an existing LUKS2 volume encrypted with PAES it fails as follows: # cryptsetup reencrypt /dev/loop0 --debug ... snip debug messages ... Enter passphrase for key slot 0: ... snip debug messages ... # Checking if cipher paes-cbc-plain64 is usable. # Userspace crypto wrapper cannot use paes-cbc-plain64 (-22). Failed to setup dm-crypt key mapping for device /dev/loop0. Check that kernel supports paes-cbc-plain64 cipher (check syslog for more info). This is because function LUKS2_check_cipher() is called which again generates a new volume key to test the cipher by random. So the code should use 'if (!crypt_cipher_wrapped_key(....))' like it does at other places (e.g. in _crypt_format_luks2() ) to not check the cipher for wrapped key ciphers (PAES is the only such at the moment). So I think with a few code changes, it should be possible to make online reencryption also work with the PAES cipher, when the volume key is generated outside of cryptsetup and passed in via --master-key-file. What _does_ work, is to reencrypt a LUKS2 PAES volume with a clear key cipher: # cryptsetup reencrypt /dev/loop0 --cipher aes-cbc-plain64 Enter passphrase for key slot 0: Finished, time 01:22.875, 984 MiB written, speed 11.9 MiB/s -- Ingo Franzki eMail: ifranzki@xxxxxxxxxxxxx Tel: ++49 (0)7031-16-4648 Fax: ++49 (0)7031-16-3456 Linux on IBM Z Development, Schoenaicher Str. 220, 71032 Boeblingen, Germany IBM Deutschland Research & Development GmbH / Vorsitzender des Aufsichtsrats: Matthias Hartmann Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294 IBM DATA Privacy Statement: https://www.ibm.com/privacy/us/en/ _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt