[pkg-cryptsetup-devel] Bug#471727: passdev keyscript
Jonas Meurer
jonas at freesources.org
Tue Jul 29 00:08:16 UTC 2008
Hello,
to my understanding, the passdev keyscript recently written by David
Härdeman should implement the requested functionality.
Please see section '10. The "passdev" keyscript' in README.initramfs.gz:
--- snip /usr/share/doc/cryptsetup/README.initramfs.gz ---
If you have a keyfile on a removable device (e.g. a USB-key), you can use the
passdev keyscript. It will wait for the device to appear, mount it read-only,
read the key and then unmount the device.
The "key" part of /etc/crypttab will be interpreted as <device>:<path>, it is
strongly recommended that you use one of the persistent device names from
/dev/disk/*, e.g. /dev/disk/by-label/myusbkey.
This is an example of a suitable line in cryptsetup:
cryptroot /dev/hda2 /dev/disk/by-label/myusbkey:/keys/root.key cipher=aes-cbc-essiv:sha256,size=256,hash=plain,keyscript=/lib/cryptsetup/scripts/passdev
The above line would cause the boot to pause until /dev/disk/by-label/myusbkey
appears in the fs, then mount that device and use the file /keys/root.key
on the device as the key (without any hashing) as the key for the fs.
--- snap /usr/share/doc/cryptsetup/README.initramfs.gz ---
greetings,
jonas
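A check for the README's recommendation quoted above, as an added example that is not part of the original message or of the cryptsetup package: it flags crypttab entries that use passdev but do not name the key device by a persistent /dev/disk/ name. The function name, the sample entries other than the README's own line, and the split of the key field at its first ':' are assumptions.

```shell
#!/bin/sh
# Added example: lint crypttab entries that use the passdev keyscript.
# Assumption: the key field splits at its first ':' into <device>:<path>.
# Returns 0 = ok, 1 = finding, 2 = entry does not use passdev.

check_passdev_line() {
    case $1 in ''|'#'*) return 2 ;; esac     # blank line or comment
    set -f; set -- $1; set +f                # split into fields, no globbing
    [ $# -ge 4 ] || return 2                 # <target> <source> <key> <options>
    target=$1 key=$3 opts=$4
    case ",$opts," in
        *,keyscript=*/passdev,*) ;;
        *) return 2 ;;
    esac
    rc=0
    case $key in
        *:*) dev=${key%%:*} path=${key#*:} ;;
        *) echo "FAIL: $target: key field '$key' is not <device>:<path>"
           return 1 ;;
    esac
    # Kernel-assigned names such as /dev/sdb1 can point at a different
    # device from one boot to the next; /dev/disk/by-* names do not.
    case $dev in
        /dev/disk/by-*/?*) ;;
        *) echo "WARN: $target: $dev is not a persistent /dev/disk/ name"
           rc=1 ;;
    esac
    if [ -z "$path" ]; then
        echo "FAIL: $target: no key path after ':'"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok: $target: key $path on $dev"
    fi
    return "$rc"
}

# Constructed sample crypttab: the README's line, an entry with a
# kernel-assigned device name, and an entry that does not use passdev.
while IFS= read -r entry; do
    check_passdev_line "$entry" || :
done <<'EOF'
cryptroot /dev/hda2 /dev/disk/by-label/myusbkey:/keys/root.key cipher=aes-cbc-essiv:sha256,size=256,hash=plain,keyscript=/lib/cryptsetup/scripts/passdev
cryptdata /dev/hda3 /dev/sdb1:/keys/data.key cipher=aes-cbc-essiv:sha256,size=256,hash=plain,keyscript=/lib/cryptsetup/scripts/passdev
cryptswap /dev/hda4 /dev/urandom swap
EOF
```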