[dm-crypt] migrate luks key-slots to another luks container
Alexander 'Leo' Bergolth
leo at strike.wu.ac.at
Wed Jan 16 21:51:36 CET 2013
Am 16.01.2013 21:14, schrieb Arno Wagner:
> Any reason why you want to change the cipher? After all, you can
> not enlarge the key and keep the keyslots.
> As to size, just enlarge the partition. Offset, I don't know,
> but if you do not need to keep any data, just changing the
> repective fiels in the header should do it. But is there really
> any reason to change the offset?
The motivation behind this is because I'd like to migrate the data to
another system using a different raid layout.
To ensure correct data alignment with the new stripe size, I need to
change the payload-offset using --align-payload.
Besides, I'd like to change cipher from aes-cbc-essiv:sha256 to
aes-xts-plain. (Key size is 256 bit on both.)
The source system is currently mounted, so my plan is to create a new
luks container (preferrably using the same keyslots) and then just rsync
> On Wed, Jan 16, 2013 at 08:57:47PM +0100, Alexander 'Leo' Bergolth wrote:
>> Am 16.01.2013 19:50, schrieb .. ink ..:
>>> Is it possible to move the passphrases from one luks container to a new
>>> one with different cipher, size and payload offset? (There is currently
>>> no data on the new container, I just want to keep the old passphrases.)
>>> any reason why you dont want to just add those old passphrases to the
>>> new container using "luksAddKey"?
>> I'd like to transfer the key-slots so that the same passphrases can
>> be used to unlock them.
>> I don't know the passphrases. (Just one of them.)
>> e-mail ::: Leo.Bergolth (at) wu.ac.at
>> fax ::: +43-1-31336-906050
>> location ::: IT-Services | Vienna University of Economics | Austria
>> dm-crypt mailing list
>> dm-crypt at saout.de
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
More information about the dm-crypt