[dm-crypt] The encrypted LUKS Master Key

[dm-crypt] The encrypted LUKS Master Key

[Si St]

A Question:

Where is the encrypted MK located that decrypts the dm-encrypted partition?

I believe to understand the point so far that the decrypted MK is never written to disk, only to the memory. Is the MK stored further down the line off the 592 bytes LUKS header? Or is it so complex that a decrypted MK can be restored from the password + the LUKS-machinery and does not even have to be stored as an encrypted MK at all? (I think this is wrong).

If the e-MK is stored on disk, is it stored in the filesystem of the partition or somewhere else in another block area right after the LUKS-592-Bytes?

SS

-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

Powered by Outblaze

Re: [dm-crypt] The encrypted LUKS Master Key

[Milan Broz]

On 11/14/2009 06:28 PM, Si St wrote:
> A Question:
> 
> Where is the encrypted MK located that decrypts the dm-encrypted partition?

In the kesylot area (keyslot areas starts after that visible part of LUKS header),
encrypted by the same cipher as data and obfuscated by algorithm
described in LUKS specification http://code.google.com/p/cryptsetup/wiki/Specification

> I believe to understand the point so far that the decrypted MK is never written to disk, only to the memory.
yes, decrypted MK is never stored on disk, only used to set dm-crypt mapping using dm-ioctl.

For LUKS, the MK itself is generated using random data, passphrase only unlocks the keyslot area
where is the MK stored.

To exact specification please read the LUKS documentation above.

Milan
--
mbroz@redhat.com