What is contained inside the LUKS header ? I know, the header has size of 2MB. Also, cryptsetup supports “detached header”, where the header can be stored in a separate file.
Thus, for example, I can format luks device and specify detached header in a separate file:
dd if=/dev/zero of=LUKS-HEADER bs=1M count=2
cryptsetup luksFormat /dev/sdb1 --header LUKS-HEADER --align-payload=0
IIUC, this format operation only writes to the header. The disk partition is not modified (I checked with md5sum). So why does cryptsetyp luksFormat require specifying the device (/dev/sdb1) ?
Can I share one header for multiple luks devices ?
UPDATE
after further investigation, it seems to me that the first 4096 B of the header contain the header information, which is being printed with cryptsetup luksDump.
What is stored in the remaining part of the 2MB file is a mystery to me. It seems to be overwritten with random data (I filled it the with zeros initially, so I can see the difference). Also, the 2MB file is absolutely un-compressible. Further indication of random/encrypted data.
Can somebody please authoritatively explain what is contained in the 2 MB LUKS header?
