[dm-crypt] Unable to dump header with --dump-master-key
okozina at redhat.com
Wed Mar 29 15:41:35 CEST 2017
On 03/29/2017 03:30 PM, Waqar Khan wrote:
> Apologies I jumped the gun on asking here. I re-read the question and
> it says type yes capitalised. Please ignore.
> On Wed, Mar 29, 2017 at 2:23 PM, Waqar Khan <waqark3389temp at gmail.com> wrote:
>> I am playing around and learning about LUKS encryption on Centos, so I
>> installed Centos 7 with the /home partition encrypted.
>> I am trying to dump the header with the master key for safe keeping in
>> case I forget the passphrase or the header becomes corrupt (More to
>> learn about how it works and how the header looks like)
Also, for the sake of keeping yourself a header backup copy (to mitigate
eventual header corruption impact) I'd strongly recommend using
luksHeaderBackup command as being written in the FAQs. If you store
volume key in hexbyte representation directly in some file or whatever
you basically expose the volume key to whoever has access to your
luksDump output. On the other hand proper header backup keeps your
volume key safe(r) (as LUKS header does).
More information about the dm-crypt