[Pkg-cryptsetup-devel] Bug#471727: cryptsetup: out-of-the-box support for using an USB stick as a key
David Härdeman
david at hardeman.nu
Fri Mar 21 22:59:14 UTC 2008
In bug #465902 we have the beginning of a utility for passphrase
prompts.

Once that is functional in cryptsetup I already have a small additional
C util that I've been working on which I'll add as a separate
"keyscript".

It takes a key file argument like:

    /dev/disk/by-label/myusbkey:/keys/mykeyfile:options

During boot it will wait until /dev/disk/by-label/myusbkey appears,
mount it under /tmp/somewhere, look for /tmp/somewhere/keys/mykeyfile
and either:

  use /tmp/somewhere/keys/mykeyfile as the key (passwordless boot)

or (depending on the options)

  ask the user for a passphrase which will be hashed and XOR'ed together
  with the keyfile (which gives something akin to two-factor security in
  that you need both the USB key and the passphrase to boot).

And ultimately I'd like to add support for it to partman-crypto as well
(meaning that it can all be configured during initial installation).

But for now, I recommend patience :)
--
David Härdeman
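
The key handling described in the message above, sketched as an added example (this is not the author's C utility or cryptsetup code). Assumptions: SHAKE-256 stands in for the unspecified hash so the mask covers the whole keyfile, the option name `passphrase` is hypothetical, and the keyfile bytes are constructed sample data.

```python
import hashlib
from typing import NamedTuple, Optional


class KeySpec(NamedTuple):
    device: str         # block device to wait for, e.g. /dev/disk/by-label/...
    keyfile: str        # path of the keyfile relative to the mounted stick
    options: frozenset  # option names (hypothetical; the message names none)


def parse_keyspec(spec: str) -> KeySpec:
    """Split 'device:path:options' into its three fields."""
    # Limitation of this sketch: device paths containing ':' are not handled.
    parts = spec.split(":", 2)
    if len(parts) < 2 or not parts[0].startswith("/dev/"):
        raise ValueError(f"malformed key spec: {spec!r}")
    keyfile = parts[1]
    # Keep the lookup inside the temporary mount point.
    if not keyfile.startswith("/") or ".." in keyfile.split("/"):
        raise ValueError("keyfile must be an absolute path without '..'")
    raw_opts = parts[2] if len(parts) == 3 else ""
    return KeySpec(parts[0], keyfile, frozenset(o for o in raw_opts.split(",") if o))


def derive_key(keyfile_bytes: bytes, passphrase: Optional[bytes]) -> bytes:
    """Return the volume key: the keyfile alone, or keyfile XOR hash(passphrase)."""
    if not keyfile_bytes:
        raise ValueError("empty keyfile")
    if passphrase is None:
        return keyfile_bytes  # passwordless boot: possession of the stick suffices
    # Assumption: SHAKE-256 output is stretched to the keyfile length.
    mask = hashlib.shake_256(passphrase).digest(len(keyfile_bytes))
    return bytes(k ^ m for k, m in zip(keyfile_bytes, mask))


def key_for_boot(spec: str, keyfile_bytes: bytes, ask) -> bytes:
    """Prompt via ask() only when the (hypothetical) 'passphrase' option is set."""
    parsed = parse_keyspec(spec)
    secret = ask() if "passphrase" in parsed.options else None
    return derive_key(keyfile_bytes, secret)


if __name__ == "__main__":
    sample_keyfile = bytes(range(32))  # constructed sample, not a real key
    spec = "/dev/disk/by-label/myusbkey:/keys/mykeyfile:passphrase"
    print(parse_keyspec(spec))
    print(key_for_boot(spec, sample_keyfile, lambda: b"correct horse").hex())
```

In the two-factor mode the bytes stored on the stick are not the volume key, so a copied keyfile alone does not unlock the volume; in the passwordless mode it does.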