From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <shmick@riseup.net>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id PF4lKNx9On8K for <dm-crypt@saout.de>;
 Fri, 22 Nov 2013 12:50:03 +0100 (CET)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri, 22 Nov 2013 12:50:02 +0100 (CET)
Message-ID: <528F44D7.70604@riseup.net>
Date: Fri, 22 Nov 2013 22:49:43 +1100
From: "shmick@riseup.net" <shmick@riseup.net>
MIME-Version: 1.0
References: <528F152D.5090205@riseup.net> <528F330C.7090407@redhat.com>
In-Reply-To: <528F330C.7090407@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] re-format existing luks partition
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Ondrej Kozina <okozina@redhat.com>, dm-crypt@saout.de



Ondrej Kozina:
> On 11/22/2013 09:26 AM, shmick@riseup.net wrote:
>> can i re-format an existing luks partition (as the same /dev/sda[x] and
>> simply re-copy an fsarchive operating system backup straight to it
>> without anything further required ?
> 
> There's an offline cryptsetup-reencrypt tool in cryptsetup 1.5.0 and
> later. It's really offline so the device needs to umnouted before
> reencrypting.
> 
> Also you should consider shrinking the filesystem residing on the luks
> device (and after that also the device) before actual reencryption. It
> makes reencryption sector-by-sector no matter if it is used by
> filessytem or not.

thank you for the advice

> 
> Also there are some fixes ready for reencryption tool on the way so you
> may be also interested waiting for 1.6.3 release in coming weeks.

i shall wait around for some updates
just finally as an aside, is this method truly safe compared to starting
again ?

is there any peer review of cryptsetup's operation as a whole similarly
like truecrypt had by a german organisation a few years back ?

> 
> Regards
> Ondrej
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>