[Pkg-cryptsetup-devel] Bug#475838: Bug#475838: Would like to use decrypt_derived with a source mapping other than that of the root filesystem
Jonas Meurer
jonas at freesources.org
Thu Jun 19 14:04:45 UTC 2008
On 19/06/2008 Sam Morris wrote:
> On Thu, 2008-06-19 at 14:37 +0200, Jonas Meurer wrote:
> > On 20/05/2008 David Härdeman wrote:
> > > Wouldn't it be a solution to reverse the dependency so that /home uses a
> > > key derived from swap's key?
> >
> > Sam, could you comment on this suggestion?
>
> I guess it's possible, but I haven't had time to test it out since I
> don't know how to switch to it without doing a backup/restore cycle.
>
> I'd also like to add an additional key to the home device so that if I
> screw up my swap partition, the home partition is also not destroyed...
> the output of 'cryptsetup luksDump' implies that this is possible but I
> don't know if doing so will interfere with cryptsetup, etc.
If you're talking about luks devices, 'cryptsetup luksAddKey' is your
friend.
One of the biggest advantages of LUKS over plain dm-crypt is that it
supports more than one keys, where key may either be a passphrase or a
keyfile.
See the cryptsetup manpage for more information, or feel free to ask if
any questions remain.
greetings,
jonas
More information about the Pkg-cryptsetup-devel
mailing list