From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uhkruVAqVA4M for ; Wed, 16 Jan 2013 21:19:13 +0100 (CET) Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Wed, 16 Jan 2013 21:19:13 +0100 (CET) Received: from gatewagner.dyndns.org (84-74-164-49.dclient.hispeed.ch [84.74.164.49]) by v4.tansi.org (Postfix) with ESMTPA id 138581404001 for ; Wed, 16 Jan 2013 21:19:13 +0100 (CET) Date: Wed, 16 Jan 2013 21:19:12 +0100 From: Arno Wagner Message-ID: <20130116201912.GC9508@tansi.org> References: <50F6F2BE.9080203@strike.wu.ac.at> <50F7063B.9090607@strike.wu.ac.at> <20130116201455.GB9508@tansi.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20130116201455.GB9508@tansi.org> Subject: Re: [dm-crypt] migrate luks key-slots to another luks container List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Come to think of it, here is a very dirty way to do this: Have the people accessing this map the old container (header+ keyslot area is enough, use, e.g. a loop file), then read the master key (see FAQ) and use that in a script to open your second (new) container. A bit like "decrypt-derived". And a possible nighmare to maintain ;-) Arno On Wed, Jan 16, 2013 at 09:14:55PM +0100, Arno Wagner wrote: > Hmm. > > I don't think that is possible at the moment. The experimental > "cryptsetup-reencrypt" requires all passphrases that should remain > active. > > Any reason why you want to change the cipher? After all, you can > not enlarge the key and keep the keyslots. > > As to size, just enlarge the partition. Offset, I don't know, > but if you do not need to keep any data, just changing the > repective fiels in the header should do it. But is there really > any reason to change the offset? > > Arno > > > On Wed, Jan 16, 2013 at 08:57:47PM +0100, Alexander 'Leo' Bergolth wrote: > > Am 16.01.2013 19:50, schrieb .. ink ..: > > > Is it possible to move the passphrases from one luks container to a new > > > one with different cipher, size and payload offset? (There is currently > > > no data on the new container, I just want to keep the old passphrases.) > > > > > >any reason why you dont want to just add those old passphrases to the > > >new container using "luksAddKey"? > > > > I'd like to transfer the key-slots so that the same passphrases can > > be used to unlock them. > > I don't know the passphrases. (Just one of them.) > > > > Cheers, > > --leo > > -- > > e-mail ::: Leo.Bergolth (at) wu.ac.at > > fax ::: +43-1-31336-906050 > > location ::: IT-Services | Vienna University of Economics | Austria > > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > ---- > One of the painful things about our time is that those who feel certainty > are stupid, and those with any imagination and understanding are filled > with doubt and indecision. -- Bertrand Russell > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell