[dm-crypt] How to derive master key in plain dm-crypt mode
ralf+dm at ramses-pyramidenbau.de
Wed Dec 10 17:01:13 CET 2014
On 12/10/2014 05:56 PM, Ralf Ramsauer wrote:
> On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote:
>> In plain dm-crypt mode, there is no encrypted master key on the device
>> (i.e., no metadata header). Is a master key derived from the user
>> passphrase and used to en-/decrypt the device? If yes, how to derive
>> the master key from the passphrase in plain mode?
Oh I'm sorry. I stand corrected.
I skipped a word when I read your message. I skipped the "plain" part.
I can't answer your question as I don't know how the key is derived from
the passphrase using plain mode.
But I'm pretty sure someone one this list will know it.
But I can tell you, that if your device is mounted, you can use dmsetup
to dump the masterkey:
# dmsetup table --showkeys DEVICENAME
> In short words and to sum it up:
> The passphrase is used to generate some "intermediate" key, using a Key
> Derivation Function. In case of Luks, this function is PBKDF2.
> This derived key is used to decrypt a Keyslot in the Luks header of your
> volume, which contains the actual masterkey.
> So having only the passphrase is not sufficient to derive a volume's
>> dm-crypt mailing list
>> dm-crypt at saout.de
> dm-crypt mailing list
> dm-crypt at saout.de
More information about the dm-crypt