[dm-crypt] Debian 7.10 random key swap Device /dev/sda2 is not a valid LUKS device.
gmazyland at gmail.com
Wed Apr 6 08:37:08 CEST 2016
On 04/06/2016 07:59 AM, David Christensen wrote:
> On 04/05/2016 10:38 PM, Milan Broz wrote:
>> On 04/06/2016 06:25 AM, David Christensen wrote:
>> LUKS device cannot be used with random volume key, so I guess you use
>> just plain device without header. (So obviously header backup fails because
>> there is no header.)

Just one correction of my own words - LUKS key has random volume key, just it is
generated once and stored in keyslots. It cannot be easily just regenerated on every boot
(or you have to run luksFormat - and this makes no sense, plain device fits better here).

> Thank you for the information.
>> You can verify it by checking entry in /etc/crypttab - no luks keyword:
>>> # grep sda2 /etc/fstab
>>> /dev/mapper/sda2_crypt none swap
>> or running "cryptsetup status sda2_crypt" over unlocked device
>> (type is LUKS1 for LUKS devices)
> # cryptsetup status sda2_crypt
> /dev/mapper/sda2_crypt is active and is in use.
> type: PLAIN
> cipher: aes-xts-plain64
> keysize: 256 bits
> device: /dev/sda2
> offset: 0 sectors
> size: 976896 sectors
> mode: read/write
> So, what I'm seeing is expected and correct, because a random-key
> encrypted swap uses dm-crypt on the raw partition, there is no LUKS
> container, and therefore no LUKS header to back up (?).

Yes, that's correct - you can also see that the data offset is 0 sectors,
so the whole device is used.

In fact, there is no need to run any backup - the whole swap device
should get a new random key and is reformatted (mkswap) on every boot.
(It cannot be used for hibernation.)
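
The two checks discussed in this message (no `luks` keyword in the crypttab entry, and `type`/`offset` in the `cryptsetup status` output) can be scripted as below. This is an added example, not part of the original thread: the function names and the sample crypttab lines are constructed for illustration, and it follows the message's rule that an entry without the `luks` keyword is a plain mapping.

```shell
#!/bin/sh
# Added example: classify dm-crypt mappings from crypttab text and from
# `cryptsetup status` output. Function names are hypothetical.

# crypttab_kind: crypttab text on stdin -> "name device kind" per entry.
# kind is one of: luks | plain-random-swap | plain
crypttab_kind() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    {
        kind = "plain"; has_swap = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "luks") kind = "luks"
            if (opt[i] == "swap") has_swap = 1
        }
        # Key read from a random device at each boot, then mkswap:
        # there is no header and nothing persistent to back up.
        if (kind == "plain" && has_swap && $3 ~ /^\/dev\/u?random$/)
            kind = "plain-random-swap"
        print $1, $2, kind
    }'
}

# status_summary: `cryptsetup status <name>` output on stdin -> "type offset"
status_summary() {
    awk '
    $1 == "type:"   { type = $2 }
    $1 == "offset:" { offset = $2 }
    END { print type, offset }'
}

# Constructed sample crypttab (the thread does not show the real file).
SAMPLE_CRYPTTAB='# <name> <device> <keyfile> <options>
sda2_crypt /dev/sda2 /dev/urandom cipher=aes-xts-plain64,size=256,swap
sda3_crypt UUID=00000000-0000-0000-0000-000000000000 none luks'

# Status lines as quoted in the message above.
SAMPLE_STATUS='/dev/mapper/sda2_crypt is active and is in use.
type: PLAIN
cipher: aes-xts-plain64
offset: 0 sectors'

printf '%s\n' "$SAMPLE_CRYPTTAB" | crypttab_kind
printf '%s\n' "$SAMPLE_STATUS" | status_summary
```

On a live system the same functions can read `/etc/crypttab` and the output of `cryptsetup status sda2_crypt` directly.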