[dm-crypt] extracting master key from luks header, cryptsetup

[dm-crypt] extracting master key from luks header, cryptsetup

[anirudh]

Is there a way to extract the master key from luks header if we have the key or
pass-phrase used to encrypt the volume using cryptsetup?

I wold like to save the master-key separately in a safe place and use it only in
the case where i forget the pass-phrase used to encrypt the volume. Mainly to
avoid saving the pass-phrase every time i change it.

Re: [dm-crypt] extracting master key from luks header, cryptsetup

[Rick Moritz]

Just create a backup luks header with a keyslot that is not in your
actual header and write that key down.
Then to get to the volume you simply overwrite the luks header with the backup.
I see no reason why this shouldn't work.

On Tue, May 3, 2011 at 10:50 PM, anirudh
<anirudh.takkallapally@gmail.com> wrote:
> Is there a way to extract the master key from luks header if we have the key or
> pass-phrase used to encrypt the volume using cryptsetup?
>
> I wold like to save the master-key separately in a safe place and use it only in
> the case where i forget the pass-phrase used to encrypt the volume. Mainly to
> avoid saving the pass-phrase every time i change it.
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

Re: [dm-crypt] extracting master key from luks header, cryptsetup

[Milan Broz]

On 05/03/2011 10:50 PM, anirudh wrote:
> Is there a way to extract the master key from luks header if we have the key or
> pass-phrase used to encrypt the volume using cryptsetup?

If you want to really backup master key (and not the whole header with known
keyslot with luksHeaderBackup) use "luksDump --dump-master-key" command
(available in cryptsetup 1.2.0, passphrase for some keyslot is required).

(Also you can activate device and save the mapping table with master key
with "dmsetup table --showkeys <active device>".)

Milan