[dm-crypt] luks header
ms at citd.de
Wed Jan 7 12:31:38 CET 2015
On 06.01.2015 19:23, yakamo wrote:
> can you recommend an effective way to remove the luks header?
> i have tried cryptsetup luksFormat /dev/xxx --header ~/headerfile align-payload=0 but this still writes a header to the encrypted drive, is meant to happen?
>From the man-page of a new enough version of cryptsetup:
- snip -
Erase all keyslots and make the LUKS container permanently inaccessible. You do not need to provide any password for this operation.
WARNING: This operation is irreversible.
- snip -
Altough the warning is only 99% true, restoring a Header-Backup makes
the device accessible again, but you would need to have made a Backup
dd if=/dev/zero of=/dev/<device> bs=1M count=100
Which erases the first 100MB of said device, the LUKS-Header is only a
fraction of that, so this command also damages the data/filesystem
inside the container!
For total erasure of the device/patition kjust leave out "count=100" and
More information about the dm-crypt