Overview
Request 56499 accepted
- new version 1.2.0
* Add selection of random/urandom number generator for luksFormat
(option --use-random and --use-urandom).
* Fix luksRemoveKey to not ask for remaining keyslot passphrase,
only for removed one.
* No longer support luksDelKey (replaced with luksKillSlot).
* if you want to remove particular passphrase, use luksKeyRemove
* if you want to remove particular keyslot, use luksKillSlot
Note that in batch mode luksKillSlot allows removing of any keyslot
without question, in normal mode requires passphrase or keyfile from
other keyslot.
* Default alignment for device (if not overridden by topology info)
is now (multiple of) *1MiB*.
This reflects trends in storage technologies and aligns to the same
defaults for partitions and volume management.
* Allow explicit UUID setting in luksFormat and allow change it later
in luksUUID (--uuid parameter).
* All commands using key file now allows limited read from keyfile using
--keyfile-size and --new-keyfile-size parameters (in bytes).
This change also disallows overloading of --key-size parameter which
is now exclusively used for key size specification (in bits.)
* luksFormat using pre-generated master key now properly allows
using key file (only passphrase was allowed prior to this update).
* Add --dump-master-key option for luksDump to perform volume (master)
key dump. Note that printed information allows accessing device without
passphrase so it must be stored encrypted.
This operation is useful for simple Key Escrow function (volume key and
encryption parameters printed on paper on safe place).
This operation requires passphrase or key file.
* The reload command is no longer supported.
Request History
lnussel created request
- new version 1.2.0
* Add selection of random/urandom number generator for luksFormat
(option --use-random and --use-urandom).
* Fix luksRemoveKey to not ask for remaining keyslot passphrase,
only for removed one.
* No longer support luksDelKey (replaced with luksKillSlot).
* if you want to remove particular passphrase, use luksKeyRemove
* if you want to remove particular keyslot, use luksKillSlot
Note that in batch mode luksKillSlot allows removing of any keyslot
without question, in normal mode requires passphrase or keyfile from
other keyslot.
* Default alignment for device (if not overridden by topology info)
is now (multiple of) *1MiB*.
This reflects trends in storage technologies and aligns to the same
defaults for partitions and volume management.
* Allow explicit UUID setting in luksFormat and allow change it later
in luksUUID (--uuid parameter).
* All commands using key file now allows limited read from keyfile using
--keyfile-size and --new-keyfile-size parameters (in bytes).
This change also disallows overloading of --key-size parameter which
is now exclusively used for key size specification (in bits.)
* luksFormat using pre-generated master key now properly allows
using key file (only passphrase was allowed prior to this update).
* Add --dump-master-key option for luksDump to perform volume (master)
key dump. Note that printed information allows accessing device without
passphrase so it must be stored encrypted.
This operation is useful for simple Key Escrow function (volume key and
encryption parameters printed on paper on safe place).
This operation requires passphrase or key file.
* The reload command is no longer supported.
oertel accepted request
Accepted submit request 56499 from user lnussel
