[dm-crypt] Best practice for storing header backup and protecting against mistakes/misuse.
waqark3389temp at gmail.com
Wed Mar 29 15:42:03 CEST 2017
I have read through the FAQ and its got a lot of useful information
from the backup section.
I have encrypted /home and used
cryptsetup --dump-master-key luksDump /dev/dm-2
cryptsetup luksHeaderBackup --dump-master-key /dev/dm-2
to make a copy of the header incase I forget my passphrase. I bought a
encrypted USB drive to put the header on.
My first question is, if something like header corruption/ passphrase
forgotten, would I be able to restore from my USB on to the LUKS
partition and continue using /home as it was? What if I have unmounted
it or rebooted the machine.
Second, what else should I be doing in order to protect against
accidents such as above?
Lastly, a few people have access to this machine (through the same
passphrase), some work colleagues, how can I protect against one
disgruntled member leaving the company and changing the passphrase
(then unmounting the volume for good measure) and not telling anyone?
More information about the dm-crypt