From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ww0-f42.google.com (mail-ww0-f42.google.com [74.125.82.42]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Sun, 19 Jun 2011 17:26:02 +0200 (CEST) Received: by wwg11 with SMTP id 11so1578466wwg.1 for ; Sun, 19 Jun 2011 08:26:02 -0700 (PDT) Message-ID: <4DFE1507.6020909@gmail.com> Date: Sun, 19 Jun 2011 17:25:59 +0200 From: Patrick MIME-Version: 1.0 References: <4DFDFFA5.70404@gmail.com> <4DFE0D59.1090000@redhat.com> In-Reply-To: <4DFE0D59.1090000@redhat.com> Content-Type: multipart/alternative; boundary="------------020009010305070100000805" Subject: Re: [dm-crypt] Partition mandatory? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Milan Broz Cc: dm-crypt@saout.de This is a multi-part message in MIME format. --------------020009010305070100000805 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Thank you for your quick and clear answer Milan! Tha'ts really great! :D So, in the case of such a header destruction by an "old" OS, I think it is still possible to restore the header I saved using _luksHeaderBackup_ --header-backup-file doing _luksHeaderRestore_ --header-backup-file Correct? Best regards, Patrick Le 19. 06. 11 16:53, Milan Broz a =E9crit : > On 06/19/2011 03:54 PM, Patrick wrote: >> The case : I want to encrypt a full USB disk and my question is : is >> it mandatory to have a partition existing on the device and to >> luskformat the partition? In other words, is it OK to luksformat the >> full device, without mentionning any partition? Is it off >> "standards"? > You can use whole device without partition table, there is no problem > in Linux. For LUKS it is just block device - it is not important > if it is partition or the whole device. > > There is only one situation, I know about, when using partition is safer. > > If you have portable disk (or USB flashdrive or whatever) and there > is no partition table on it, and you plug such drive to > another system (namely older version of Windows) it > likes to offer you to "initialize" drive - which can destruct > LUKS header there. If there is a partition table, it thinks that > drive was already initialized preventing it. > (I think it is not problem in recent versions but not sure.) > > Milan --------------020009010305070100000805 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Thank you for your quick and clear answer Milan! Tha'ts really great! :D

So, in the case of such a header destruction by an "old" OS, I think it is still possible to restore the header I saved using

luksHeaderBackup <device> --header-backup-file <file>

doing

luksHeaderRestore <device> --header-backup-file <file>

Correct?

Best regards,

Patrick

Le 19. 06. 11 16:53, Milan Broz a écrit :

On 06/19/2011 03:54 PM, Patrick wrote:

The case : I want to encrypt a full USB disk and my question is : is
it mandatory to have a partition existing on the device and to
luskformat the partition? In other words, is it OK to luksformat the
full device, without mentionning any partition? Is it off
"standards"?

You can use whole device without partition table, there is no problem
in Linux. For LUKS it is just block device - it is not important
if it is partition or the whole device.

There is only one situation, I know about, when using partition is safer.

If you have portable disk (or USB flashdrive or whatever) and there
is no partition table on it, and you plug such drive to
another system (namely older version of Windows) it
likes to offer you to "initialize" drive - which can destruct
LUKS header there. If there is a partition table, it thinks that
drive was already initialized preventing it.
(I think it is not problem in recent versions but not sure.)

Milan

--------------020009010305070100000805--