
#1 2014-07-20 15:56:32

KairiTech
Member
From: Toronto, Canada
Registered: 2011-06-04
Posts: 275

[Solved] cryptsetup using a remote header and keyfile

Synopsis: Classic case of less is more - "... require only header (no data device reference) so just use header as parameter ..."

I'm using the code below to set up an encrypted RAID0 array with a remote header...

mdadm --create /dev/md111 --metadata=0.90 --level=0 --raid-devices=1 --force /dev/sde1

truncate -s 2M /tmp/root-header.img

cryptsetup --header=/tmp/root-header.img luksFormat --align-payload=8192 --cipher=aes-xts-plain --verify-passphrase --key-size=512 /dev/md111

cryptsetup --header=/tmp/root-header.img luksOpen /dev/md111 pv_test

... which seems to work...

sde                                     8:64   0  59.6G  0 disk  
└─sde1                                  8:65   0   9.3G  0 part  
  └─md111                               9:111  0   9.3G  0 raid0 
    └─pv_test                         254:7    0   9.3G  0 crypt 

...but luksDump, luksKillSlot and luksAddKey all error out...

cryptsetup --header=/tmp/root-header.img luksDump /dev/md111

cryptsetup --header=/tmp/root-header.img luksKillSlot /dev/md111 1

cryptsetup --header=/tmp/root-header.img luksAddKey --key-slot 1 /dev/md111 /tmp/test.key

... with the message below:

Device /dev/md111 is not a valid LUKS device.

Am I missing something here?

Last edited by KairiTech (2014-07-21 11:31:34)


#2 2014-07-20 16:29:25

KairiTech
Member
From: Toronto, Canada
Registered: 2011-06-04
Posts: 275

Re: [Solved] cryptsetup using a remote header and keyfile

This code seems to work as expected:

cryptsetup luksDump /tmp/root-header.img

cryptsetup luksKillSlot /tmp/root-header.img 1

cryptsetup luksAddKey /tmp/root-header.img --key-slot 1 /tmp/test.key

Last edited by KairiTech (2014-07-20 16:37:52)
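
With a detached header, the LUKS magic and the key slots live in the header file and the data device carries none of them. The following added example (not part of the original posts) parses a constructed header image to show this. It assumes the LUKS1 on-disk layout; `parse_luks1_header`, `build_sample_header` and every sample value are hypothetical names and constructed data.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
# LUKS1 header (big-endian): magic, version, cipher, mode, hash, payload offset,
# key bytes, MK digest, MK salt, MK iterations, UUID; then 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # state, iterations, salt, key offset, stripes

def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(buf):
    """Return header fields and active key slots, or None if buf has no LUKS1 header."""
    if len(buf) < PHDR.size + 8 * SLOT.size or not buf.startswith(LUKS_MAGIC):
        return None
    (_magic, version, cipher, mode, hash_spec, payload, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(buf)
    if version != 1:
        return None
    active = []
    for n in range(8):
        state = SLOT.unpack_from(buf, PHDR.size + n * SLOT.size)[0]
        if state == SLOT_ACTIVE:
            active.append(n)
    return {"cipher": f"{_text(cipher)}-{_text(mode)}", "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "payload_offset_sectors": payload,
            "uuid": _text(uuid), "active_slots": active}

def build_sample_header(active_slots=(0,)):
    """Constructed 2 MiB header image for the demo (digest and salts are zeros)."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain", b"sha1", 8192, 64,
                    b"", b"", 1000, b"00000000-0000-0000-0000-000000000000")
    for n in range(8):
        state = SLOT_ACTIVE if n in active_slots else SLOT_DISABLED
        hdr += SLOT.pack(state, 1000, b"", 8 + n * 512, 4000)
    return hdr.ljust(2 * 1024 * 1024, b"\0")

if __name__ == "__main__":
    header_img = build_sample_header(active_slots=(0, 1))  # like root-header.img
    data_start = bytes(4096)  # constructed stand-in for the start of the data device
    print("data device:", parse_luks1_header(data_start))
    print("header file:", parse_luks1_header(header_img))
```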
