From: "Michael Kjörling" <michael@kjorling.se>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Detached header creation confusion.
Date: Sun, 22 Dec 2019 20:41:53 +0000 [thread overview]
Message-ID: <cx43xtxbktkgb3zkrcrfqqg4@localhost> (raw)
In-Reply-To: <830403085.13951328.1576484487874@mail.yahoo.com>
On 16 Dec 2019 08:21 +0000, from bdbasstech@yahoo.com (Aint Tellin):
> I am attempting to create a detached header in conjunction with a 1G offset.
> The version of cryptsetup I am using is version 2.2.2. My kernel is 5.4.3
> What I expected: > detached header file "detached_header.img" on /dev/sda1 (mounted at /mnt)> luks protected data on /dev/sda1
> The command I used.> $cryptsetup luksFormat /dev/sd2 --offset 2097152 --header /mnt/detached_header.img
Seems to work for me, with just a quick test using a sparse file
backing a loop device for a throwaway container, on an up-to-date
Debian 10/Buster with kernel version 4.19.67-2+deb10u2 and cryptsetup
version 2.1.0 (package version 2:2.1.0-5+deb10u2). Can you give
something like the below a try and let us know how it turns out?
-- cut --
# truncate -s 2G /tmp/user/0/d1
# losetup -f /tmp/user/0/d1
# losetup
NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE DIO LOG-SEC
/dev/loop0 0 0 0 0 /tmp/user/0/d1 0 512
# cryptsetup luksFormat /dev/loop0 --offset 2097152 --header /tmp/user/0/d1hdr
WARNING!
========
Header file does not exist, do you want to create it?
Are you sure? (Type uppercase yes): YES
Enter passphrase for /tmp/user/0/d1hdr:
Verify passphrase:
# file -s /dev/loop0
/dev/loop0: data
# file -s /tmp/user/0/d1hdr
/tmp/user/0/d1hdr: LUKS encrypted file, ver 2 [, , sha256] UUID: 7fd5ad0e-b41a-40d4-80ca-3c32d6934324
# cryptsetup luksDump /tmp/user/0/d1hdr
LUKS header information
Version: 2
Epoch: 3
Metadata area: 16384 [bytes]
Keyslots area: 134217728 [bytes]
UUID: 7fd5ad0e-b41a-40d4-80ca-3c32d6934324
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 1073741824 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2i
Time cost: 4
Memory: 724521
Threads: 4
Salt: 37 de 46 94 4a c0 c5 15 03 0d 29 25 41 f7 90 1f
6d 16 d0 4e 81 9d 96 f0 f2 bc e4 ff 0b 48 6c 5a
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 75939
Salt: 48 00 1f 93 a0 7b f4 c4 54 9c 25 a9 a1 6b 20 a6
bf 4e bb 6d cb 66 9a 01 73 b4 ba 54 49 d6 3c 90
Digest: 80 4b 94 a0 50 c3 94 aa f8 46 20 7d 34 e1 df 60
8e 84 3a 9c ab 01 98 c7 13 23 7a 6a 0b f5 d6 0d
# cryptsetup luksDump /tmp/user/0/d1
Device /tmp/user/0/d1 is not a valid LUKS device.
#
-- cut --
--
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
prev parent reply other threads:[~2019-12-22 20:41 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <830403085.13951328.1576484487874.ref@mail.yahoo.com>
2019-12-16 8:21 ` [dm-crypt] Detached header creation confusion Aint Tellin
2019-12-22 20:41 ` Michael Kjörling [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cx43xtxbktkgb3zkrcrfqqg4@localhost \
--to=michael@kjorling.se \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox