[dm-crypt] Unable to dump header with --dump-master-key

Ondrej Kozina okozina at redhat.com
Wed Mar 29 15:41:35 CEST 2017


On 03/29/2017 03:30 PM, Waqar Khan wrote:
> Hi,
>
> Apologies I jumped the gun on asking here. I re-read the question and
> it says type yes capitalised. Please ignore.
>
> Regards
>
> On Wed, Mar 29, 2017 at 2:23 PM, Waqar Khan <waqark3389temp at gmail.com> wrote:
>> I am playing around and learning about LUKS encryption on Centos, so I
>> installed Centos 7 with the /home partition encrypted.
>>
>> I am trying to dump the header with the master key for safe keeping in
>> case I forget the passphrase or the header becomes corrupt (More to
>> learn about how it works and how the header looks like)

Also, for the sake of keeping yourself a header backup copy (to mitigate 
eventual header corruption impact) I'd strongly recommend using 
luksHeaderBackup command as being written in the FAQs. If you store 
volume key in hexbyte representation directly in some file or whatever 
you basically expose the volume key to whoever has access to your 
luksDump output. On the other hand proper header backup keeps your 
volume key safe(r) (as LUKS header does).

O.


More information about the dm-crypt mailing list