DM-Crypt Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [dm-crypt] re-format existing luks partition
@ 2013-11-22  8:26 shmick
  2013-11-22 10:33 ` Ondrej Kozina
  2013-11-26 12:06 ` [dm-crypt] open ext-2/3/4 luks container, ext2fsd + FreeOTFE in Windows shmick
  0 siblings, 2 replies; 7+ messages in thread
From: shmick @ 2013-11-22  8:26 UTC (permalink / raw)
  To: dm-crypt

ive recently discovered some faster cipher/hash combinations and want to
revive my old computer so-to-speak

can i re-format an existing luks partition (as the same /dev/sda[x] and
simply re-copy an fsarchive operating system backup straight to it
without anything further required ?

so i assume this is just a new crypto layer, and the operating system
will boot accordingly ?

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [dm-crypt] re-format existing luks partition
  2013-11-22  8:26 [dm-crypt] re-format existing luks partition shmick
@ 2013-11-22 10:33 ` Ondrej Kozina
  2013-11-22 11:49   ` shmick
  2013-11-26 12:06 ` [dm-crypt] open ext-2/3/4 luks container, ext2fsd + FreeOTFE in Windows shmick
  1 sibling, 1 reply; 7+ messages in thread
From: Ondrej Kozina @ 2013-11-22 10:33 UTC (permalink / raw)
  To: shmick@riseup.net, dm-crypt

On 11/22/2013 09:26 AM, shmick@riseup.net wrote:
> can i re-format an existing luks partition (as the same /dev/sda[x] and
> simply re-copy an fsarchive operating system backup straight to it
> without anything further required ?

There's an offline cryptsetup-reencrypt tool in cryptsetup 1.5.0 and 
later. It's really offline so the device needs to umnouted before 
reencrypting.

Also you should consider shrinking the filesystem residing on the luks 
device (and after that also the device) before actual reencryption. It 
makes reencryption sector-by-sector no matter if it is used by 
filessytem or not.

Also there are some fixes ready for reencryption tool on the way so you 
may be also interested waiting for 1.6.3 release in coming weeks.

Regards
Ondrej

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [dm-crypt] re-format existing luks partition
  2013-11-22 10:33 ` Ondrej Kozina
@ 2013-11-22 11:49   ` shmick
  2013-11-22 14:19     ` Robert Nichols
  0 siblings, 1 reply; 7+ messages in thread
From: shmick @ 2013-11-22 11:49 UTC (permalink / raw)
  To: Ondrej Kozina, dm-crypt



Ondrej Kozina:
> On 11/22/2013 09:26 AM, shmick@riseup.net wrote:
>> can i re-format an existing luks partition (as the same /dev/sda[x] and
>> simply re-copy an fsarchive operating system backup straight to it
>> without anything further required ?
> 
> There's an offline cryptsetup-reencrypt tool in cryptsetup 1.5.0 and
> later. It's really offline so the device needs to umnouted before
> reencrypting.
> 
> Also you should consider shrinking the filesystem residing on the luks
> device (and after that also the device) before actual reencryption. It
> makes reencryption sector-by-sector no matter if it is used by
> filessytem or not.

thank you for the advice

> 
> Also there are some fixes ready for reencryption tool on the way so you
> may be also interested waiting for 1.6.3 release in coming weeks.

i shall wait around for some updates
just finally as an aside, is this method truly safe compared to starting
again ?

is there any peer review of cryptsetup's operation as a whole similarly
like truecrypt had by a german organisation a few years back ?

> 
> Regards
> Ondrej
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [dm-crypt] re-format existing luks partition
  2013-11-22 11:49   ` shmick
@ 2013-11-22 14:19     ` Robert Nichols
  2013-11-22 15:33       ` Arno Wagner
  0 siblings, 1 reply; 7+ messages in thread
From: Robert Nichols @ 2013-11-22 14:19 UTC (permalink / raw)
  To: dm-crypt

On 11/22/2013 05:49 AM, shmick@riseup.net wrote:
>
>
> Ondrej Kozina:
>> On 11/22/2013 09:26 AM, shmick@riseup.net wrote:
>>> can i re-format an existing luks partition (as the same /dev/sda[x] and
>>> simply re-copy an fsarchive operating system backup straight to it
>>> without anything further required ?
>>
>> There's an offline cryptsetup-reencrypt tool in cryptsetup 1.5.0 and
>> later. It's really offline so the device needs to umnouted before
>> reencrypting.
>>
>> Also you should consider shrinking the filesystem residing on the luks
>> device (and after that also the device) before actual reencryption. It
>> makes reencryption sector-by-sector no matter if it is used by
>> filessytem or not.
>
> thank you for the advice
>
>>
>> Also there are some fixes ready for reencryption tool on the way so you
>> may be also interested waiting for 1.6.3 release in coming weeks.
>
> i shall wait around for some updates
> just finally as an aside, is this method truly safe compared to starting
> again ?

Safer and simpler just to start over with a luksFormat, as you proposed.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [dm-crypt] re-format existing luks partition
  2013-11-22 14:19     ` Robert Nichols
@ 2013-11-22 15:33       ` Arno Wagner
  0 siblings, 0 replies; 7+ messages in thread
From: Arno Wagner @ 2013-11-22 15:33 UTC (permalink / raw)
  To: dm-crypt

On Fri, Nov 22, 2013 at 15:19:33 CET, Robert Nichols wrote:
> On 11/22/2013 05:49 AM, shmick@riseup.net wrote:
[...]
> >>Also there are some fixes ready for reencryption tool on the way so you
> >>may be also interested waiting for 1.6.3 release in coming weeks.
> >
> >i shall wait around for some updates
> >just finally as an aside, is this method truly safe compared to starting
> >again ?
> 
> Safer and simpler just to start over with a luksFormat, as you proposed.

It is simpler. As to safer, neither is safe without a good backup.

Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [dm-crypt] open ext-2/3/4 luks container, ext2fsd + FreeOTFE in Windows
  2013-11-22  8:26 [dm-crypt] re-format existing luks partition shmick
  2013-11-22 10:33 ` Ondrej Kozina
@ 2013-11-26 12:06 ` shmick
  2013-11-26 12:34   ` Milan Broz
  1 sibling, 1 reply; 7+ messages in thread
From: shmick @ 2013-11-26 12:06 UTC (permalink / raw)
  To: dm-crypt

does anybody have some working field notes they can pass on to get this
working ?

when i attempt to open the luks container, FreeOTFE can't do it

in windows device manager the disk reports it must be initialised which
will obviously destroy the luks header info

i may have better luck with a FAT/NTFS fs but i'd prefer to keep it
native to linux and just use read only in Windows

my method was to simply first create the luks container, format it to
ext4 and attempt to open in Windows with FreeOTFE

could it be a permissions issue ?
i thought not Re device manager results



a long time ago i tried this with an ext4 partition and remember
FreeOTFE mounted it ok, but Ext2fsd reported UUID=1000 pop up error and
could not mount it

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [dm-crypt] open ext-2/3/4 luks container, ext2fsd + FreeOTFE in Windows
  2013-11-26 12:06 ` [dm-crypt] open ext-2/3/4 luks container, ext2fsd + FreeOTFE in Windows shmick
@ 2013-11-26 12:34   ` Milan Broz
  0 siblings, 0 replies; 7+ messages in thread
From: Milan Broz @ 2013-11-26 12:34 UTC (permalink / raw)
  To: shmick@riseup.net; +Cc: dm-crypt

On 11/26/2013 01:06 PM, shmick@riseup.net wrote:
> does anybody have some working field notes they can pass on to get this
> working ?
> 
> when i attempt to open the luks container, FreeOTFE can't do it
> 
> in windows device manager the disk reports it must be initialised which
> will obviously destroy the luks header info

I think usual way is to create partition table with single partition
(and create LUKS on that partition)
IIRC device manager will not complain if there is a partition table.


> i may have better luck with a FAT/NTFS fs but i'd prefer to keep it
> native to linux and just use read only in Windows
> 
> my method was to simply first create the luks container, format it to
> ext4 and attempt to open in Windows with FreeOTFE

So you destroy LUKS header or keyslots by mkfs? This is wrong, don't do it.
It is just pure luck if it works. (It was actually kind of a bug in mkfs that it
did not destroy LUKS signature properly.)

Milan

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2013-11-26 12:34 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-11-22  8:26 [dm-crypt] re-format existing luks partition shmick
2013-11-22 10:33 ` Ondrej Kozina
2013-11-22 11:49   ` shmick
2013-11-22 14:19     ` Robert Nichols
2013-11-22 15:33       ` Arno Wagner
2013-11-26 12:06 ` [dm-crypt] open ext-2/3/4 luks container, ext2fsd + FreeOTFE in Windows shmick
2013-11-26 12:34   ` Milan Broz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox