Migration from Native Cryptsetup to ProtectApp LUKS

This section provides the steps to migrate from Native Cryptsetup to ProtectApp LUKS.

1. Open the encrypted disk.

   cryptsetup luksOpen /dev/<diskname> backup
   

2. Dump the existing header information of the ProtectApp LUKS device.

   cryptsetup luksDump /dev/<diskname>
   

3. Install the ProtectApp LUKS.

   Note

   While migrating from native cryptsetup to ProtectApp LUKS, you can update the /etc/ks_user_config file with the following changes:

   • Set the 'enable' parameter as 'no' - This will act as a native cryptsetup for password validation.

   • Set the 'enable' parameter as 'yes' - This implies ProtectApp-LUKS is enabled, otherwise normal ProtectApp LUKS cryptsetup functionality is used.

4. Set the 'enable' parameter as 'no' in /etc/ks_user_config file.

5. Next, add a backup key and provide the existing ProtectApp LUKS passphrase (LUKS key) to the native /dev/<diskname> ProtectApp LUKS encrypted partition.

   a. Execute the following command:

   cryptsetup luksAddKey /dev/<diskname>
   Enter any passphrase: <use existing passphrase>
   

   b. Before providing the new passphrase, open a new terminal and set the 'enable' parameter in /etc/ks_user_config file as 'yes'. Now, provide the new passphrase in previous command terminal mentioned in step 5(a).

   Enter new passphrase for key slot:<use CM passphrase>
   Verify passphrase:<use CM passphrase>
   

   This completes the migration from Native Cryptsetup to ProtectApp LUKS.

6. To verify the status of the encrypted volume:

   cryptsetup -v status backup
   

   For example,

   cryptsetup -v status backup
   

   Output:

   /dev/mapper/backup is active.
   type: LUKS2
   cipher: aes-xts-plain64
   keysize: 512 bits
   key location: keyring
   device: /dev/sdb
   sector size: 512
   offset: 32768 sectors
   size: 33521664 sectors
   mode: read/write
   Command successful.