DM-CRYPT

sbl_sbl

Hi,

Once the device mapper is mounted (/dev/mapper/encrypted_device), I would like to change the encrypted key on the fly without changing the device mapper content (plaintext).

Device mapper creation example:
dd if=/dev/zero of=encrypted.img count=20 bs=1M
losetup /dev/loop0 encrypted.img
mkdir /tmp/fsdir
echo "hello world" > /tmp/fsdir/file
mksquashfs /tmp/fsdir squashfs

dmsetup create encrypted_device --table '0 40960 crypt aes-cbc-essiv:sha256 babebabebabebabebabebabebabebabe 0 /dev/loop0 0'
dd if=squashfs of=/dev/mapper/encrypted_device


Now, I would like to update the encryption key while keeping the content of the device mapper unchanged (only the content of encrypted.img shall be updated). If I remove the current device mapper (dmsetup remove) and create a new one with a different key (dmsetup create), the plaintext in /dev/mapper/encrypted_device changes. This behaviour is not expected.

I tried dmsetup load/reload --table and dmsetup suspend/resume, but the encrypted.img file remains the same.

Any idea how to solve this challenge?

Thanks in advance
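
An added example, not part of the original post: a plain dm-crypt table has no on-disk header, so loading a table with a different key only changes how the existing sectors are decrypted, and the ciphertext changes only when the plaintext is read through the old mapping and written through a mapping that uses the new key. The function names, the `_new` mapping suffix and the new image path are hypothetical; the code assumes root and a source mapping that is unmounted or read-only during the copy.

```shell
#!/bin/sh
# Added example: re-key a plain dm-crypt volume by copying its plaintext
# into a second backing image that is mapped with the new key.
# Caveat: as in the post, the key is passed in the table argument, so it is
# visible in the process list while dmsetup runs.

# Build a dm-crypt table line in the same layout the post uses.
# $1 = size in 512-byte sectors, $2 = hex key, $3 = backing block device
crypt_table() {
    printf '0 %s crypt aes-cbc-essiv:sha256 %s 0 %s 0' "$1" "$2" "$3"
}

# $1 = name of the open mapping (old key), $2 = new image path (hypothetical),
# $3 = new hex key
rekey_plain() {
    old="/dev/mapper/$1"
    new_name="${1}_new"
    sectors=$(blockdev --getsz "$old") || return 1

    # New backing file of identical size, attached to a free loop device.
    truncate -s "$((sectors * 512))" "$2" || return 1
    loop=$(losetup --find --show "$2") || return 1

    dmsetup create "$new_name" \
        --table "$(crypt_table "$sectors" "$3" "$loop")" \
        || { losetup -d "$loop"; return 1; }

    # Reading $old decrypts with the old key; writing to the new mapping
    # encrypts with the new key. This is the step that rewrites ciphertext.
    dd if="$old" of="/dev/mapper/$new_name" bs=1M conv=fsync || return 1

    # Confirm both mappings expose identical plaintext before retiring
    # the old image and key.
    cmp "$old" "/dev/mapper/$new_name" || return 1
    echo "plaintext identical; $2 holds it under the new key"
}

# Usage (as root), with a constructed replacement key:
#   rekey_plain encrypted_device new.img cafecafecafecafecafecafecafecafe
```

Once `cmp` succeeds, the old mapping and loop device can be removed and the new image takes the place of encrypted.img.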
 



