Sunday, 6 September 2015

secure cryptsetup plain (non-LUKS)

Plausible deniability: something many geeks like ...
but LUKS is better ... since I can change the keys

Well, actually, you are not changing the key in LUKS. You are, to my knowledge, only adding more encrypted forms of the key using different passphrases.

I still believe plain dm-crypt is the best!

The way I do it (a working gpg setup and basic knowledge of gpg are necessary):

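Create a fairly large random key (the size below is an example; without bs/count, dd keeps writing until the disk is full):

dd if=/dev/urandom of=<secure place>/key bs=512 count=1

gpg --encrypt key

>>> Give your email ID here when gpg asks for the recipient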

Create the dm-crypt mapping:

gpg -qd key.gpg | cryptsetup plainOpen --key-file - /dev/<device> <mapping>

Now use /dev/mapper/<mapping> (create a filesystem, mount it and store data).

The plaintext key is to be kept safely, probably on a memory stick in some locker.
gpg will decrypt key.gpg each time you open the volume.
key.gpg is very safe, since it can only be decrypted with your gpg private key, and can be kept anywhere on a filesystem.

How to force deactivate a volume group

I use external hard disks a lot and most of them have PVs/VGs/LVs on them.
If by chance the USB connection severs, the LVs go into a state where every lvscan or lvs shows an I/O error.
How do you get rid of that remnant activated VG?
Remember: This is *NOT* for VGs with LVs which are currently active and mounted.

Safe way:

    Try unmounting (force) all the open volumes mounted from that VG. After this, issue the command:

    vgchange -a n <vg name>

 
That may not work all the time.

Force it:
    Example: my VG name is vg001
    #   cd /dev/mapper
    #   for f in vg001-*; do dmsetup remove "$f"; done



This will remove the VG's device-mapper entries, and it will no longer show up as errors when running any of the LVM-related commands.
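
The glob vg001-* above also matches mappings that do not belong to vg001, so it helps to build the removal list from dmsetup's own report first. The following is an added example, not part of the original post: the function names are hypothetical and the sample input is constructed. It goes slightly beyond the glob by also checking the mapping UUID and open count.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# LVM names a mapping "<vg>-<lv>" and doubles any hyphen inside either name,
# so VG "vg001-old" with LV "data" becomes "vg001--old-data", which the glob
# "vg001-*" also matches. Non-LVM mappings (e.g. a dm-crypt one) can match too.

# Double hyphens the way LVM does when it builds device-mapper names.
dm_escape() {
    printf '%s\n' "$1" | sed 's/-/--/g'
}

# vg_stale_mappings VG
# stdin: "name:uuid:open" lines, the format produced by
#   dmsetup info -c --noheadings --separator : -o name,uuid,open
# stdout: mappings that belong to exactly VG, were created by LVM, and are
# not held open. Mappings still open are reported on stderr and skipped.
vg_stale_mappings() {
    awk -F: -v p="$(dm_escape "$1")-" '
        index($1, p) != 1 { next }   # different name prefix
        $2 !~ /^LVM-/     { next }   # not created by LVM
        {
            rest = substr($1, length(p) + 1)
            # A leading "-" means the hyphen we matched was half of an
            # escaped "--", i.e. the mapping belongs to a longer VG name.
            if (rest == "" || substr(rest, 1, 1) == "-") next
            if ($3 + 0 > 0) { print "skip (open): " $1 | "cat 1>&2"; next }
            print $1
        }'
}

# Constructed sample input; the UUIDs are shortened placeholders.
sample_info() {
    cat <<'EOF'
vg001-data:LVM-PLACEHOLDER0001:0
vg001-my--lv:LVM-PLACEHOLDER0002:0
vg001-home:LVM-PLACEHOLDER0003:1
vg001--old-data:LVM-PLACEHOLDER0004:0
vg001-secret:CRYPT-PLAIN-vg001-secret:0
vg0010-data:LVM-PLACEHOLDER0005:0
EOF
}

sample_info | vg_stale_mappings vg001
```

On a real system, pipe the dmsetup info command from the comment into vg_stale_mappings and review the printed names before passing them to dmsetup remove.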