[dm-crypt] Unlocking volume using master key

Milan Broz mbroz at redhat.com
Fri Feb 10 22:05:05 CET 2012


On 02/10/2012 09:11 PM, anirudh takkallapally wrote:
> My question over here is How do we unlock an encrypted volume using the Master
> key? this is without having to add a new passphrase.

Hm, this is interesting... it is possible through libcryptsetup API,
but cryptsetup CLI allows using --master-key-file only in
luksFormat and luksAddKey.

It should be easy to add, if you can add issue on project page
I will add it to next version (for luksOpen).

For now, I think the only "simple" shell solution is to not only
store master key, but whole mapping table
"dmsetup table --showkeys" and activate volume using
dmsetup create <name> --table "<stored table>"
(bypass LUKS completely - can be dangerous if wrongly used).
(in mapping table you can replace device to path to snapshot)

It is not ideal solution though...

Milan


More information about the dm-crypt mailing list