[Pkg-cryptsetup-devel] keyfiles with dm-crypt and LUKS

David Härdeman david at hardeman.nu
Sun Apr 22 18:52:33 UTC 2007


On Sun, Apr 22, 2007 at 01:10:56PM +0100, Matthew Johnson wrote:
>I recently installed etch and set up an encrypted volume. It didn't give
>me the option of using a keyfile, however (for example, on a USB disk).
>Is this currently possible in Debian?

Not without manual hacking... I have something similar set up on my local
computer (which asks for a passphrase, hashes the passphrase and XORs
the result with the contents of a file from a USB key and uses this for
the root partition), but it is not in a releasable state yet (when it
is, I will add it of course).

>Is it just a problem with the installer?

No, both the installer and cryptsetup need to support it.

>If so, this is the root filesystem which is encrypted. Do the
>initramfs scripts support booting such a filesystem when the key is a
>keyfile?

You could always write a keyscript (see the keyscript parameter in the
crypttab man page) which mounts the USB key and reads the key from there.

-- 
David Härdeman
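
The keyscript approach suggested in the reply above, shown as an added example that is not part of the original message or of the cryptsetup package. The script name `usbkey`, the `DEVICE:PATH` layout of the third crypttab field, the mount point and the timeout are assumptions made for this example.

```shell
#!/bin/sh
# Added example keyscript, not from the original post. Constructed crypttab line:
#   cryptroot /dev/sda2 /dev/disk/by-label/KEYS:/root.key luks,keyscript=/usr/local/sbin/usbkey
# The crypttab handling runs the keyscript with the third field as $1 and
# passes whatever the script writes to stdout to cryptsetup as the key.

MNT=/run/usbkey      # assumed mount point
TIMEOUT=30           # assumed seconds to wait for the USB device to enumerate

# Split "DEVICE:PATH" on the last colon (by-id device names contain colons).
parse_spec() {
    KEYDEV=${1%:*}
    KEYPATH=${1##*:}
    [ "$KEYDEV" != "$1" ] || return 1        # no colon in the spec
    case "$KEYPATH" in /?*) return 0 ;; *) return 1 ;; esac
}

# Wait up to $2 seconds for block device $1 to appear.
wait_for_dev() {
    n=0
    while [ ! -b "$1" ]; do
        [ "$n" -ge "$2" ] && return 1
        sleep 1
        n=$((n + 1))
    done
}

# Write the key file $2 (path inside mounted directory $1) to stdout.
emit_key() {
    [ -f "$1$2" ] && [ -s "$1$2" ] || return 1   # missing or empty key file
    cat "$1$2"
}

main() {
    # Diagnostics go to stderr only: stdout must carry nothing but the key.
    parse_spec "$1" || { echo "usbkey: bad key spec" >&2; return 1; }
    wait_for_dev "$KEYDEV" "$TIMEOUT" || { echo "usbkey: $KEYDEV missing" >&2; return 1; }
    mkdir -p "$MNT"
    mount -o ro,noexec,nosuid,nodev "$KEYDEV" "$MNT" >&2 || return 1
    emit_key "$MNT" "$KEYPATH"
    rc=$?
    umount "$MNT" >&2
    return "$rc"
}

# crypttab always passes one argument; with none (e.g. when sourced) do nothing.
[ $# -eq 0 ] || main "$@"
```

For a root volume the script runs inside the initramfs, so the USB storage and filesystem modules it relies on have to be available there as well.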