From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Sun, 8 Dec 2019 17:59:58 +0100 (CET) Received: by mail-wm1-x332.google.com with SMTP id q9so12912811wmj.5 for ; Sun, 08 Dec 2019 08:59:58 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Chris Murphy Date: Sun, 8 Dec 2019 09:59:41 -0700 Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [dm-crypt] LUKS2 support for null/plaintext target List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Sat, Dec 7, 2019 at 2:42 AM Michael Kj=C3=B6rling = wrote: > > On 6 Dec 2019 16:10 -0700, from lists@colorremedies.com (Chris Murphy): > > The use case is to make it possible for software installers to make > > future encryption possible for a volume without need to > > repartition/reformat. > > Wouldn't a normal LUKS container with an empty passphrase meet that > use case just as well? Maybe? The main idea is to enable a distro/OS installer to avoid interactivity and UI for setting up encrypted volumes, but make it possible to setup and enabled post-install. I haven't tried it, but does 'cryptsetup luksFormat' permit an empty passphrase? And if it's empty, would 'cryptsetup luksOpen' open it without a passphrase or keyfile? --=20 Chris Murphy