[Pkg-cryptsetup-devel] keyfiles with dm-crypt and LUKS
David Härdeman
david at hardeman.nu
Sun Apr 22 18:52:33 UTC 2007
On Sun, Apr 22, 2007 at 01:10:56PM +0100, Matthew Johnson wrote:
>I recently installed etch and setup an encrypted volume. It didn't give
>me the option of using a keyfile, however. (for example, on a USB disk).
>Is this currently possible in Debian?
Not without manual hacking...I have something similar setup on my local
computer (which asks for a passphrase, hashes the passphrase and xor's
the result with the contents of a file from a usb key and uses this for
the root partition), but it is not in a releasable state yet (when it
is, I will add it of course).
>Is it just a problem with the installer?
No, both the installer and cryptsetup need to support it.
>If so, this is the root filesystem which is encrypted. Do the
>initramfs scripts support booting such a filesystem when the key is a
>keyfile?
You could always write a keyscript (see the keyscript parameter in the
crypttab man page) which mounts the usb key and reads the key from there.
--
David Härdeman
More information about the Pkg-cryptsetup-devel
mailing list