From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from awesome.dsw2k3.info (unknown [IPv6:2a01:198:661:1f::3]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Fri, 12 Dec 2014 13:59:18 +0100 (CET) Received: from localhost (localhost.localdomain [127.0.0.1]) by awesome.dsw2k3.info (Postfix) with ESMTP id 3868AC7A17 for ; Fri, 12 Dec 2014 13:57:03 +0100 (CET) Received: from awesome.dsw2k3.info ([127.0.0.1]) by localhost (awesome.dsw2k3.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0bxeBmAUJARK for ; Fri, 12 Dec 2014 13:56:58 +0100 (CET) Received: from citd.de (p4FFEE7F5.dip0.t-ipconnect.de [79.254.231.245]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by awesome.dsw2k3.info (Postfix) with ESMTPSA for ; Fri, 12 Dec 2014 13:56:58 +0100 (CET) Date: Fri, 12 Dec 2014 13:59:10 +0100 From: Matthias Schniedermeyer Message-ID: <20141212125910.GA3470@citd.de> References: <20141211220453.GA24563@citd.de> <20141212121108.GA29099@tansi.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20141212121108.GA29099@tansi.org> Subject: Re: [dm-crypt] question List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 12.12.2014 13:11, Arno Wagner wrote: > On Thu, Dec 11, 2014 at 23:04:53 CET, Matthias Schniedermeyer wrote: > > On 11.12.2014 18:30, Sayler, Craig A. (AFRC-MI)[InuTeq, LLC] wrote: > > > Is there a way to decrypt a drive permanently with out reinstalling? > > > > Yes. > > > > But the much safer way is: > > Backup, make a new filesystem on the previous backing-device & Restore > > from backup. > > > > > > The unsafe(!) 'inplace' method (that as an advantage doesn't need > > additional storage): > > Just open the container normally, 'dd' the mapped container over the > > backing device and pray that process isn't interruped. Because it will > > be a huge PITA if it gets interruped. > > > > > > But don't risk it, Backup & Restore is the way this should be done. > > Interesting approach! Should work though. But you are right that this > is very high risk. Standard Unix methodology, i would say. I did something similar, in reverse (unencrypred -> encrypted), some years ago. Altough i wrote me a script that did the work in steps, so i could resume it if it ever got interrupted. (Better safe than sorry. In the end it wasn't interupted. But that's Murphy's Law: If you are prepared, nothing will happen.) The script did something like this: for each block do copy source to other stable storage fsync update state information fsync copy block from other stable storage to target fsync update state information fsync done The detour is necessary to recover from a partial copy in the last step, otherwise you would need to determine the exact spot (and hope the HDD didn't do a partial sector write) to restart the process. -- Matthias