[dm-crypt] Can you change the cipher without destroying your data
michael at kjorling.se
Fri Dec 18 22:34:27 CET 2015
On 18 Dec 2015 14:13 -0500, from doark at mail.com (David Niklas):
> I have a LUKS partition, aes-xts-plain64.
> I wanted to change it, can I?
> I can unmount the drive and do this, I'm not talking hot change here.
I believe this is exactly what cryptsetup-reencrypt was designed to
do. That tool is available in cryptsetup 1.5.0 and up.
And yes, the reencryption is an offline operation.
And you really, _REALLY_ want to have a fresh backup of your data
before you even think about doing it.
But just out of curiosity, why do you want to migrate away from
aes-xts-plain64? I've said it before; that is the default for a
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
More information about the dm-crypt