help with LUKS header backup
10/01/2012 23:55, yudi v wrote:
Yes, I am using this regularly. Backing up the headers to encrypted media
(two preferably) is good practice, even if one can foresee a bit off a
circle here ;-) . Header backups are easier to break than original LUKS
there is only one LUKS header on a disk, right?
I have LVM on top of LUKS. Therefore only one partition with is LUKS encrypted.
What happens when LUKS is on top of LVM. There will be several
partitions, will there also be several header files. One for each LUKS
partition or is it just one header for all LUKS partitions?
One header for one LUKS container, doesn't matter if they are on top of
lvm or raid. There is room for several "slots" for pass-phrases or
pass-keys, but every slot is contained in the same header for one
container. If you revoke a slot, destroy every backup of that container,
and create a new one, and you'll be safe.
Making LUKS the lower level or putting it on top of something else (lvm,
raid) is a matter of choice and partitioning constraints, it works
anyways. For ease of use one luks container at the lower level (whole
disk encryption) is probably the best.
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact email@example.com