From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <leo@strike.wu.ac.at>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id NIM-Gxek_ufa for <dm-crypt@saout.de>;
 Wed, 16 Jan 2013 21:51:40 +0100 (CET)
Received: from strike.wu.ac.at (strike.wu-wien.ac.at [137.208.89.120])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Wed, 16 Jan 2013 21:51:40 +0100 (CET)
Message-ID: <50F712D8.801@strike.wu.ac.at>
Date: Wed, 16 Jan 2013 21:51:36 +0100
From: Alexander 'Leo' Bergolth <leo@strike.wu.ac.at>
MIME-Version: 1.0
References: <50F6F2BE.9080203@strike.wu.ac.at>
 <CAFnMBaR5TAJNb_FDbtrCn+1TBhch=80MCxnOy0-PzBtfYcU5kA@mail.gmail.com>
 <50F7063B.9090607@strike.wu.ac.at> <20130116201455.GB9508@tansi.org>
In-Reply-To: <20130116201455.GB9508@tansi.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] migrate luks key-slots to another luks container
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Arno Wagner <arno@wagner.name>
Cc: dm-crypt@saout.de

Am 16.01.2013 21:14, schrieb Arno Wagner:
> Any reason why you want to change the cipher? After all, you can
> not enlarge the key and keep the keyslots.
>
> As to size, just enlarge the partition. Offset, I don't know,
> but if you do not need to keep any data, just changing the
> repective fiels in the header should do it. But is there really
> any reason to change the offset?

The motivation behind this is because I'd like to migrate the data to 
another system using a different raid layout.
To ensure correct data alignment with the new stripe size, I need to 
change the payload-offset using --align-payload.
Besides, I'd like to change cipher from aes-cbc-essiv:sha256 to 
aes-xts-plain. (Key size is 256 bit on both.)

The source system is currently mounted, so my plan is to create a new 
luks container (preferrably using the same keyslots) and then just rsync 
the data.

Cheers,
--leo

> On Wed, Jan 16, 2013 at 08:57:47PM +0100, Alexander 'Leo' Bergolth wrote:
>> Am 16.01.2013 19:50, schrieb .. ink ..:
>>>     Is it possible to move the passphrases from one luks container to a new
>>>     one with different cipher, size and payload offset? (There is currently
>>>     no data on the new container, I just want to keep the old passphrases.)
>>>
>>> any reason why you dont want to just add those old passphrases to the
>>> new container using "luksAddKey"?
>>
>> I'd like to transfer the key-slots so that the same passphrases can
>> be used to unlock them.
>> I don't know the passphrases. (Just one of them.)
>>
>> Cheers,
>> --leo
>> --
>> e-mail   ::: Leo.Bergolth (at) wu.ac.at
>> fax      ::: +43-1-31336-906050
>> location ::: IT-Services | Vienna University of Economics | Austria
>>
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>


-- 
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax      ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria