search for: luksopen

...for the poor? Yes, the server will, at some point in the future, >> go to CentOS 7, but that needs my user to be off for a while, and his jobs >> run literally for weeks, with loads upwords of 30 on an HBS (honkin' big >> server).... > > MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup > luksUUID ${MAPDEVICE}) Something's not right. I did cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb)) --key-file /etc/crypt.pw It did want the password, so I added --key-file, but it seems to have created /dev/mapper/luks, not the full lu...

Upgraded a RAID. Copied everything from backup. And then my manager said I had to encrypt the drive. I've done that, and made the filesystem, but I can't mount it. CentOS 6. I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the luks UUID in /etc/fstab. I cannot find the command that tells it to create the device in /dev/mapper from the info in /etc/crypttab. Clues for

...he server will, at some point in the future, >>> go to CentOS 7, but that needs my user to be off for a while, and his jobs >>> run literally for weeks, with loads upwords of 30 on an HBS (honkin' big >>> server).... >> >> MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup >> luksUUID ${MAPDEVICE}) > > Something's not right. I did > cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb)) > --key-file /etc/crypt.pw > > It did want the password, so I added --key-file, but it seems to have > cr...

...ab. > > Clues for the poor? Yes, the server will, at some point in the future, go > to CentOS 7, but that needs my user to be off for a while, and his jobs > run literally for weeks, with loads upwords of 30 on an HBS (honkin' big > server).... MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE}) MAPDEVICE=/dev/sdxy ; mount /dev/mapper/luks-$(cryptsetup luksUUID ${MAPDEVICE}) /mnt -- LF

https://gitlab.com/cryptsetup/cryptsetup/issues/488 This prevents virt-* tools from opening encrypted partitions automatically. Even 1024M isn't sufficient. I had to bump the memory up to 1400M to make it work, which is just too big for routine use. Even worse if the RAM size isn't quite large enough (eg 1200M) cryptsetup crashes. I'm not sure what to do about this now. The worst

...D MESSAGE----- >> Hash: SHA1 >> >> Hi all, >> >> I created a LUKS encrypted partition via a udev-triggered script on >> 6.6 using --key-file /tmp/foo. This worked fine, and I can decrypt the >> LUKS partition via script and manually using --key-file with luksOpen. >> >> The odd problem is that I can't decrypt the partition using the >> prompt. If I manually create a file with the passphrase in it and then >> point to it with --key-file, it decrypts fine. I used 'cat -A >> /tmp/foo' to verify that there was no ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I created a LUKS encrypted partition via a udev-triggered script on 6.6 using --key-file /tmp/foo. This worked fine, and I can decrypt the LUKS partition via script and manually using --key-file with luksOpen. The odd problem is that I can't decrypt the partition using the prompt. If I manually create a file with the passphrase in it and then point to it with --key-file, it decrypts fine. I used 'cat -A /tmp/foo' to verify that there was no '\n' at the end of the phrase. Is thi...

hi everyone, do we get to encrypt lvm pools in/with libvirt? I'm on Centos 7.x but see mention of it, not even on the net. Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm where at least the part when dev gets luksOpened is taken care of by libvirt? many thanks, L.

...here an easy way (cli) to enable a luks encrypted partition after reboot (a partition that was not enabled while booting, because not in the crypttab). I can execute the necessary command stack [1] but just wondering if there is an "enterprise/easy" way to do that ... [1] cryptsetup luksOpen $(blkid -t TYPE="crypto_LUKS" -o device) \ luks-$(cryptsetup luksUUID $(blkid -t TYPE="crypto_LUKS" -o device)) -- LF

Hi everyone, I added a page under the HowTos for Encryption, and then added a guide for encrypting /tmp /swap and /home using cryptsetup and LUKS keys on LVM, when you already have partitions setup. http://wiki.centos.org/HowTos/EncryptTmpSwapHome Regards, Max

Hello all, I posted the whole disk encryption instructions in the forum that has been briefly discussed on the list. I joined the list per Ned's post on the thread. http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=15923&forum=42 I have a couple of questions about the process of creating a wiki. 1. How does the peer-review process work? 2. Is there a place

...3b6a with a > followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further > clarify" that only LUKS encryption is supported. > > > > > Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm > > where at least the part when dev gets luksOpened is taken care of by > > libvirt? > > It should work with the appropriate secret and volume being used. Only for the QEMU driver. AFAIR, we never wired up any luks support into the LXC driver. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dber...

Hi, I would like to be able to configure VMs running off dm-crypt devices that were unlocked in the host. Unlocked dm-crypt devices show up in /dev/mapper/devicename, with devicename being the second parameter given to cryptsetup luksOpen. The LVM storage pool type insists on searching in /dev/vgname and cannot be tricked into reading /dev/mapper by giving it a fake VG named mapper; the LVM storage pool type "dir" mishandles /dev/mapper/control ("illegal seek"). Is there a workaround to be able to use such devi...

Hi Chris, thanks for your answer. It is the first time I decided to encrypt my lvm. I choosed to encrypt the volume group, not every logical volume itself, because in case of doing lvm snapshots in that group they will be encrypted too? And how do I create a new encrypted volume group? Regards Tim Am 6. M?rz 2015 01:58:23 MEZ, schrieb Chris Murphy <lists at colorremedies.com>: >On

The following patch attempts to implement sparsification of LUKS-encrypted partitions. It uses lsblk to pair the underlying LUKS block device with its mapped name. Also, --allow-discards was added by default to luks_open(). There are several potential issues that I can think of: 1) If and entire device is encrypted (not just one of more partitions), the lsblk trick might not work. 2) The

...enience > the crypttype parameter may be omitted, and libguestfs will use a > heuristic (based on vfs-type output) to try to determine the correct > type to use. At least in my (non extensive) tests with cryptsetup, it seems it can detect the right format even without --type=format or the luksOpen/etc aliases. What I'd do is: - drop the autodetection: it is a mild duplication of what cryptsetup already does, and adding it in the API now means that it will be stuck there... - maybe (need to think about it) make the crypttype parameter mandatory, so the user has to select the right...

...c @@ -110,6 +110,7 @@ luks_open (const char *device, const char *key, const char *mapname, ADD_ARG (argv, i, "-d"); ADD_ARG (argv, i, tempfile); if (readonly) ADD_ARG (argv, i, "--readonly"); + ADD_ARG (argv, i, "--allow-discards"); ADD_ARG (argv, i, "luksOpen"); ADD_ARG (argv, i, device); ADD_ARG (argv, i, mapname); -- 2.24.1

...(Nov. 2017) via commit 2518fd3b6a with a followup commit 9b837963 for libvirt 4.5.0 (June 2018) to "further clarify" that only LUKS encryption is supported. > > Or in other words - can guests(lxc I'm thinking of) run off ecrypted lvm > where at least the part when dev gets luksOpened is taken care of by > libvirt? It should work with the appropriate secret and volume being used. John > > many thanks, L. > > _______________________________________________ > libvirt-users mailing list > libvirt-users@redhat.com > https://www.redhat.com/mailman/listi...

...og' which will show you the command Anaconda used when setting up your first drive. PLEASE make sure you don't use that command directly or it'll wipe the LUKS header on your current drive. You have to change the /dev/sdX designation to point to the new drive or partition. 2 cryptsetup luksOpen /dev/sdX newdrive 3. pvcreate /dev/mapper/newdrive 4. vgcreate newvg /dev/mapper/newdrive 5. lvcreate -L 300G -n morestuff newvg 6. mkfs.xfs /dev/mapper/newvg-morestuff Adapt as needed. Don't forget crypttab is used to point to the LUKS volume, once it's unlocked the PV is revealed and lvm...

...e: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi all, > > I created a LUKS encrypted partition via a udev-triggered script on > 6.6 using --key-file /tmp/foo. This worked fine, and I can decrypt the > LUKS partition via script and manually using --key-file with luksOpen. > > The odd problem is that I can't decrypt the partition using the > prompt. If I manually create a file with the passphrase in it and then > point to it with --key-file, it decrypts fine. I used 'cat -A > /tmp/foo' to verify that there was no '\n' at the end...