From: Milan Broz <gmazyland@gmail.com>
To: David Christensen <dpchrist@holgerdanske.com>, dm-crypt@saout.de
Subject: Re: [dm-crypt] Debian 7.10 random key swap Device /dev/sda2 is not a valid LUKS device.
Date: Wed, 6 Apr 2016 08:37:08 +0200 [thread overview]
Message-ID: <5704AE94.5030705@gmail.com> (raw)
In-Reply-To: <5704A5C5.4000002@holgerdanske.com>
On 04/06/2016 07:59 AM, David Christensen wrote:
> On 04/05/2016 10:38 PM, Milan Broz wrote:
>> On 04/06/2016 06:25 AM, David Christensen wrote:
>> LUKS device cannot be used with random volume key, so I guess you use
>> just plain device without header. (So obviously header backup fails because
>> there is no header.)
Just one correction of my own words - LUKS key has random volume key, just it is
generated once and stored in keyslots. It cannot be easily just regenerated on every boot
(or you have to run luksFormat - and this makes no sense, plain device fits better here).
> Thank you for the information.
>
>
>>
>> You can verify it by checking entry in /etc/crypttab - no luks keyword:
>>
>>> # grep sda2 /etc/fstab
>>> /dev/mapper/sda2_crypt none swap
>>
>> or running "cryptsetup status sda2_crypt" over unlocked device
>> (type is LUKS1 for LUKS devices)
>
> # cryptsetup status sda2_crypt
> /dev/mapper/sda2_crypt is active and is in use.
> type: PLAIN
> cipher: aes-xts-plain64
> keysize: 256 bits
> device: /dev/sda2
> offset: 0 sectors
> size: 976896 sectors
> mode: read/write
>
>
> So, what I'm seeing is expected and correct, because a random-key
> encrypted swap uses dm-crypt on the raw partition, there is no LUKS
> container, and therefore no LUKS header to back up (?).
Yes, that's correct - you can also see that data offset as 0 sectors,
so the whole device is used.
In fact, there is no need to run any backup - the whole swap device
should get new random key and is reformatted (mkswap) on every boot.
(It cannot be used for hibernation.)
Milan
next prev parent reply other threads:[~2016-04-06 6:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-06 4:25 [dm-crypt] Debian 7.10 random key swap Device /dev/sda2 is not a valid LUKS device David Christensen
2016-04-06 5:38 ` Milan Broz
2016-04-06 5:59 ` David Christensen
2016-04-06 6:37 ` Milan Broz [this message]
2016-04-06 10:55 ` Michael Kjörling
2016-04-06 19:35 ` David Christensen
2016-04-06 20:26 ` Sven Eschenberg
2016-04-06 23:06 ` David Christensen
2016-04-07 9:39 ` Arno Wagner
2016-04-07 9:46 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5704AE94.5030705@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
--cc=dpchrist@holgerdanske.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.