[dm-crypt] "re-encrypting" ?
wolfgang.aigner at gmx.de
Sun Aug 14 19:57:24 CEST 2011
> What would
> > dd if=/dev/mapper/[cryptdevice] of=/dev/[device] conv=notrunc
> Actually do then?
> Would it revert back to no encryption? How would I convert the 256 bit
> encrypt to 128?
Ok, sorry for not being clear in the first mail. I thought you'd like to unencrypt
the whole thing.
To reencrypt you get two cryptdevices for the same device:
and then do an
dd if=/dev/mapper/[cryptdevice-AES256] of=/dev/[cryptdevice-AES128] \
And as I wrote before, DON'T DO THIS IF DATA LOSS IS A PROBLEM for you. I've done
this many times and most times it worked fine, but you can't be sure.
> Heinz Diehl wrote
> Actually, you can't. You'll have to backup your data somewhere and
> luksFormat the partition with the new parameters. Besides, I doubt that
> 128 bit gives noticeably more speed than 256 bit, even if your system is
> somewhat old.
Be aware, that doesn't work with LUKS devices, only with plain dm-crypt
> Roscoe wrote
> This strikes me as poor advice for the following reasons:
> - It's writing out plaintext directly to his hard disk, the exact
> thing he doesn't want to happen
you are right, as I wrote on top I thought he would like to unencrypt the
> - It's riskier than it has to be, you're not even backing up the master
As Heinz Diehl wrote, it doesn't work with LUKS Headers. Don't bother to make
a backup for the keys ;-)
For dm-crypt devices you don't need a backup of your master key.
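
An added illustration, not part of the original message or of cryptsetup: a small Python model of the in-place copy between two plain mappings over one backing device, showing why an interrupted run leaves a device that neither key reads in full unless the stop offset is known. The keystream built from SHAKE-256 is a toy stand-in for the real cipher, and all names, keys and data are constructed for the example.

```python
import hashlib

SECTOR = 512  # bytes per sector, as on a typical block device

def keystream(key: bytes, sector: int) -> bytes:
    # Toy per-sector keystream (assumption: stand-in for AES with a sector IV).
    return hashlib.shake_256(key + sector.to_bytes(8, "little")).digest(SECTOR)

class PlainMapping:
    """Model of a plain dm-crypt mapping: sector i maps to backing sector i, no header."""
    def __init__(self, backing: bytearray, key: bytes):
        self.backing, self.key = backing, key

    def read(self, i: int) -> bytes:
        raw = self.backing[i * SECTOR:(i + 1) * SECTOR]
        return bytes(a ^ b for a, b in zip(raw, keystream(self.key, i)))

    def write(self, i: int, data: bytes) -> None:
        ks = keystream(self.key, i)
        self.backing[i * SECTOR:(i + 1) * SECTOR] = bytes(a ^ b for a, b in zip(data, ks))

def read_all(backing: bytearray, key: bytes, first: int = 0, last=None) -> bytes:
    m = PlainMapping(backing, key)
    last = len(backing) // SECTOR if last is None else last
    return b"".join(m.read(i) for i in range(first, last))

def reencrypt(backing: bytearray, old: bytes, new: bytes, stop_after=None) -> int:
    """dd-style copy: read each sector via the old mapping, write it back via the new one."""
    src, dst = PlainMapping(backing, old), PlainMapping(backing, new)
    total = len(backing) // SECTOR
    limit = total if stop_after is None else min(stop_after, total)
    for i in range(limit):
        dst.write(i, src.read(i))
    return limit  # number of sectors now under the new key

def demo() -> dict:
    old, new = b"constructed-old-key", b"constructed-new-key"
    plain = b"".join(bytes([i]) * SECTOR for i in range(8))  # constructed sample data
    disk = bytearray(len(plain))
    for i in range(8):
        PlainMapping(disk, old).write(i, plain[i * SECTOR:(i + 1) * SECTOR])
    full, cut = bytearray(disk), bytearray(disk)
    reencrypt(full, old, new)
    done = reencrypt(cut, old, new, stop_after=3)  # simulated crash after 3 sectors
    return {
        "full_new": read_all(full, new) == plain,
        "cut_new": read_all(cut, new) == plain,
        "cut_old": read_all(cut, old) == plain,
        "cut_split": read_all(cut, new, 0, done) + read_all(cut, old, done) == plain,
        "plaintext_on_disk": plain[:SECTOR] in bytes(full),
    }
```

The model only holds for a headerless 1:1 sector mapping; a format that stores a header ahead of the payload shifts the offsets and the copy no longer lines up.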