summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsajolida <sajolida@pimienta.org>2019-08-22 17:14:15 +0000
committersajolida <sajolida@pimienta.org>2019-08-22 17:14:15 +0000
commit95513205740814aaaa439842d992e94280193c4a (patch)
tree5decd26e80edd522a7417859e718ec87d83b2135
parenta7bb741500804d808d4418d3e318295c98923242 (diff)
Explain how we could unlock the backup Persistence without password
-rw-r--r--wiki/src/blueprint/backups.mdwn11
1 files changed, 7 insertions, 4 deletions
diff --git a/wiki/src/blueprint/backups.mdwn b/wiki/src/blueprint/backups.mdwn
index 96cff5b..8b8c384 100644
--- a/wiki/src/blueprint/backups.mdwn
+++ b/wiki/src/blueprint/backups.mdwn
@@ -106,10 +106,13 @@ Implementation note:
- It might be possible to reuse the same LUKS header to create the
backup Persistence without prompting for a passphrase.
- At first glance, cryptsetup luksHeaderBackup/luksHeaderRestore should
- work to create that backups LUKS volume; and then, to unlock it, one
- could dump the master key from memory and pass it to cryptsetup open
- --master-key-file.
+ At first glance:
+
+ * To create the backup Persistence,
+ <span class="command">cryptsetup luksHeaderBackup/luksHeaderRestore</span> should work.
+ * To unlock the backup Persistence,
+ <span class="command">sudo dmsetup table --showkeys TailsData_unlocked</span> should dump the master key from memory and
+ <span class="command">cryptsetup --master-key-file</span> should unlock with the master key.
Update
------