[dm-crypt] How to derive master key in plain dm-crypt mode

Ralf Ramsauer ralf+dm at ramses-pyramidenbau.de
Wed Dec 10 17:01:13 CET 2014


On 12/10/2014 05:56 PM, Ralf Ramsauer wrote:
> On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote:
>> Hi,
>>
>> In plain dm-crypt mode, there is no encrypted master key on the device
>> (i.e., no metadata header). Is a master key derived from the user
>> passphrase and used to en-/decrypt the device? If yes, how to derive
>> the master key from the passphrase in plain mode?

Oh I'm sorry. I stand corrected.
I skipped a word when I read your message. I skipped the "plain" part.
I can't answer your question as I don't know how the key is derived from
the passphrase using plain mode.
But I'm pretty sure someone on this list will know it.

But I can tell you that if your device is mounted, you can use dmsetup
to dump the masterkey:
# dmsetup table --showkeys DEVICENAME

cheers
  Ralf
> Hi,
>
> No.
>
> In short words and to sum it up:
> The passphrase is used to generate some "intermediate" key, using a Key
> Derivation Function. In case of LUKS, this function is PBKDF2.
> This derived key is used to decrypt a Keyslot in the LUKS header of your
> volume, which contains the actual masterkey.
>
> So having only the passphrase is not sufficient to derive a volume's
> masterkey.
>
> cheers
>   Ralf
>> Thanks.
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
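
The LUKS key hierarchy described in the quoted reply, as an added example that is not part of the original thread and not cryptsetup code. It is a simplified model: the header field names and the iteration count are assumptions, XOR with the PBKDF2 output stands in for the keyslot encryption, and anti-forensic splitting is omitted.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # constructed value, kept low so the example runs quickly
KEY_LEN = 32       # 256-bit master key


def pbkdf2(secret, salt, length=KEY_LEN):
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def format_volume(passphrase):
    """Build a toy header: a random master key wrapped under the passphrase."""
    master_key = os.urandom(KEY_LEN)  # independent of the passphrase
    slot_salt, digest_salt = os.urandom(32), os.urandom(32)
    header = {
        "slot_salt": slot_salt,
        # Stand-in for the encrypted keyslot (real LUKS uses the volume cipher).
        "slot": xor(master_key, pbkdf2(passphrase, slot_salt)),
        "digest_salt": digest_salt,
        # Digest of the master key, used to recognise a wrong passphrase.
        "mk_digest": pbkdf2(master_key, digest_salt, 20),
    }
    return header, master_key


def unlock(header, passphrase):
    """Return the master key, or None if the passphrase does not fit the slot."""
    candidate = xor(header["slot"], pbkdf2(passphrase, header["slot_salt"]))
    digest = pbkdf2(candidate, header["digest_salt"], 20)
    return candidate if hmac.compare_digest(digest, header["mk_digest"]) else None


def change_passphrase(header, old, new):
    """Re-wrap the same master key; the encrypted data needs no re-encryption."""
    master_key = unlock(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    salt = os.urandom(32)
    return dict(header, slot_salt=salt, slot=xor(master_key, pbkdf2(new, salt)))
```

Two volumes formatted with the same passphrase get different master keys, which is why the passphrase without the header is not enough to recover the key.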
