|
705 | 705 | this. The only legitimate reason I can think of is if you want to have |
706 | 706 | two LUKS devices with the same volume key. Even then, I think it would |
707 | 707 | be preferable to just use key-slots with the same passphrase, or to use |
708 | | - plain dm-crypt instead. If you really have a good reason, please tell |
709 | | - me. If I am convinced, I will add how to do this here. |
| 708 | + plain dm-crypt instead. |
710 | 709 |
|
| 710 | + Use the --volume-key-file option, like this: |
| 711 | +``` |
| 712 | + cryptsetup luksFormat --volume-key-file keyfile /dev/loop0 |
| 713 | +``` |
711 | 714 |
|
712 | 715 | * **2.12 What are the security requirements for a key read from file?** |
713 | 716 |
|
|
1923 | 1926 | Hence, LUKS has no kill option because it would do much more harm than |
1924 | 1927 | good. |
1925 | 1928 |
|
1926 | | - Still, if you have a good use-case (i.e. non-abstract real-world |
1927 | | - situation) where a Nuke-Option would actually be beneficial, please let |
1928 | | - me know. |
1929 | | - |
1930 | 1929 |
|
1931 | 1930 | * **5.22 Does cryptsetup open network connections to websites, etc. ?** |
1932 | 1931 |
|
@@ -2680,8 +2679,7 @@ can be converted to the raw volume key for example via: |
2680 | 2679 |
|
2681 | 2680 | Note that at the time this FAQ item was written, 1.5.4 was the latest |
2682 | 2681 | 1.5.x version and it has the flaw, i.e. works with the old Whirlpool |
2683 | | - version. Possibly later 1.5.x versions will work as well. If not, |
2684 | | - please let me know. |
| 2682 | + version. Possibly later 1.5.x versions will work as well. |
2685 | 2683 |
|
2686 | 2684 | The only two ways to access older LUKS containers created with Whirlpool |
2687 | 2685 | are to either decrypt with an old gcrypt version that has the flaw or to |
@@ -2797,8 +2795,7 @@ can be converted to the raw volume key for example via: |
2797 | 2795 | 03) Creating your own initrd |
2798 | 2796 |
|
2799 | 2797 | The two examples below should give you most of what is needed. This is |
2800 | | - tested with LUKS1 and should work with LUKS2 as well. If not, please |
2801 | | - let me know. |
| 2798 | + tested with LUKS1 and should work with LUKS2 as well. |
2802 | 2799 |
|
2803 | 2800 | Here is a really minimal example. It does nothing but set up some |
2804 | 2801 | things and then drop to an interactive shell. It is perfect to try out |
|
0 commit comments