From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XDPsvRcanS5C for ; Fri, 22 Nov 2013 15:19:47 +0100 (CET) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Fri, 22 Nov 2013 15:19:46 +0100 (CET) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1VjraD-0006bh-Hk for dm-crypt@saout.de; Fri, 22 Nov 2013 15:19:45 +0100 Received: from c-98-227-220-190.hsd1.il.comcast.net ([98.227.220.190]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 22 Nov 2013 15:19:45 +0100 Received: from rnicholsNOSPAM by c-98-227-220-190.hsd1.il.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 22 Nov 2013 15:19:45 +0100 From: Robert Nichols Date: Fri, 22 Nov 2013 08:19:33 -0600 Message-ID: References: <528F152D.5090205@riseup.net> <528F330C.7090407@redhat.com> <528F44D7.70604@riseup.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit In-Reply-To: <528F44D7.70604@riseup.net> Subject: Re: [dm-crypt] re-format existing luks partition List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 11/22/2013 05:49 AM, shmick@riseup.net wrote: > > > Ondrej Kozina: >> On 11/22/2013 09:26 AM, shmick@riseup.net wrote: >>> can i re-format an existing luks partition (as the same /dev/sda[x] and >>> simply re-copy an fsarchive operating system backup straight to it >>> without anything further required ? >> >> There's an offline cryptsetup-reencrypt tool in cryptsetup 1.5.0 and >> later. It's really offline so the device needs to umnouted before >> reencrypting. >> >> Also you should consider shrinking the filesystem residing on the luks >> device (and after that also the device) before actual reencryption. It >> makes reencryption sector-by-sector no matter if it is used by >> filessytem or not. > > thank you for the advice > >> >> Also there are some fixes ready for reencryption tool on the way so you >> may be also interested waiting for 1.6.3 release in coming weeks. > > i shall wait around for some updates > just finally as an aside, is this method truly safe compared to starting > again ? Safer and simpler just to start over with a luksFormat, as you proposed. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.