[dm-crypt] Unlocking volume using master key

Milan Broz mbroz at redhat.com
Sat Feb 11 11:33:54 CET 2012


On 02/11/2012 12:21 AM, anirudh takkallapally wrote:
> Ok cool, thanks for the quick response.
>
> i am compiling cryptsetup, so can i am guessing i will be able to call
> libcryptsetup API.

It was quicker to implement it than explain:)
Try upstream git now, see this commit
http://code.google.com/p/cryptsetup/source/detail?r=d54204564519682881e9a125dd37e3c39502ebfa#

Basically, if you have volume key somewhere in file, you can not only
use it to format

cryptsetup luksFormat --master-key-file <vk_file> <device>

but you can also open device using it now

cryptsetup luksOpen --master-key-file <vk_file> <device> <mapped_name>


Obviously, you are responsible that VK is generated properly
(enough entropy etc) and that you store VK file safely
(anyone can map device using this file without passphrase knowledge).

Use at your own risk :-)

(I will release 1.4.2 version perhaps soon.)

Thanks,
Milan


More information about the dm-crypt mailing list