From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <octane@alinto.com>
Received: from mx4-v2.alinto.net (mx4-v2.alinto.net [83.145.109.34])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Thu, 20 Aug 2009 12:27:04 +0200 (CEST)
Received: from http1alinto.alinto.net (http1alinto.alinto.net [83.145.109.61])
	by mx4-v2.alinto.net (Postfix) with ESMTP id C821F53C863
	for <dm-crypt@saout.de>; Thu, 20 Aug 2009 12:27:03 +0200 (CEST)
Message-ID: <1250764023.4a8d24f791dfd@webmail.inmano.com>
Date: Thu, 20 Aug 2009 12:27:03 +0200
From: octane indice <octane@alinto.com>
References: <1250693664.4a8c1220018bf@webmail.inmano.com>
	<87tz03lsid.wl%htd@fancy-poultry.org>
	<200908191200.04578.test532@codingninjas.org>
In-Reply-To: <200908191200.04578.test532@codingninjas.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dm-crypt] distributing a linux disk crypted with dm-crypt
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

En r=E9ponse =E0 Sam <test532@codingninjas.org> :
>=20
> I believe his point is that if he creates a linux installation
> inside a VMWare vm, and luksFormats the drive image
> from within the image, then once he has installed=20
> everything on that image, that when he is done and
> now wishes to send that vmware image to others, they
> will all have the same key. Even if they change their
> passphrase, that is just encrypting the same key=20
> differently. Then anyone person can decrpt anyone else's
> image, as the keys are all the same.

Yes, exactly.

> He does not need the other persons passphrase to
> decode the key passed to the cypher, as his vmware
> image, he knows the key to, and has the same
> underlying key that is passed to the cypher.
>
Yes that's the problem I'm trying to avoid.
=20
> I am guessing the answer is no, that
> luks/cryptsetup/dmsetup does not support=20
> switching the key used by the cypher. There
> are probably no tools to do this.
>=20
Ok. It's just a technical impossibility, or it's
just because nobody has tried to do it, or it's
pointless?

> What you could do is have your startup scripts
> in the image, on bootup, create=20
> a new filesystem on top of a newly
> luksFormatted image, and
> then copy everything to there.=20
>=20
Ok, I will do something like that if there
is no other possibility.

Thank you and all others.

> _______________________________________________
> ------------------- Fin du message d'origine ---------------------




Le plaisir de la dermato cosm=E9tique naturelle http://www.terrahumana.fr