LinuxQuestions.org
Old 06-25-2009, 10:18 AM   #1
lucmove
Member
 
Registered: Aug 2005
Location: Brazil
Distribution: Debian Wheezy, Slackware
Posts: 604

Rep: Reputation: 69
How to use key file instead of password for LUKS encrypted file systems?


I've been using LUKS encryption on my home partition for years and always typed my password at boot. Now I have an extra hard disk with encryption and have to type two passwords. So I thought I would have a key file inside my home partition to automate decryption of the second HD. I ran these commands:

# dd if=/dev/random of=/home/luc/keyfile bs=256 count=1

# cryptsetup --key-file=/home/luc/keyfile luksAddKey /dev/sdb1

# cryptsetup luksAddKey /dev/sdc1 /home/luc/keyfile

I don't remember which of the two last lines worked, but cryptsetup accepted it and 'cryptsetup luksDump' confirms the new slot.

But I still have to type two passwords at boot. What am I doing wrong?

TIA
 
Old 06-26-2009, 07:51 PM   #2
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.16.2
Posts: 1,566
Blog Entries: 13

Rep: Reputation: 178
You have to modify the initrd to read the keyfile. I'm not at my computer so I can't remember exactly how I set that up (I read mine from a removable drive), but it's not hard. (After all, I figured it out!) I'll post it later if I get the chance.
 
Old 06-30-2009, 10:17 AM   #3
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.16.2
Posts: 1,566
Blog Entries: 13

Rep: Reputation: 178
Let's say the keyfile is file "arggh" on a drive mounted under /zip (previously done by the initrd), then replace lines like

# /sbin/cryptsetup luksOpen ${LUKSDEV} $CRYPTDEV </dev/systty >/dev/systty 2$

with

/sbin/cryptsetup -d /zip/arggh luksOpen ${LUKSDEV} $CRYPTDEV

in /boot/initrd-tree/init; then remake the initrd with mkinitrd (no parameters)

Last edited by mostlyharmless; 06-30-2009 at 11:41 AM. Reason: added line for clarity
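
The replacement described in post #3, written as a function that checks the keyfile's permissions first and falls back to the passphrase prompt if the keyfile is missing or rejected. This is an added example, not code from the thread or from Slackware's init script; the function names and the CRYPTSETUP and CONSOLE variables are assumptions, and their defaults follow the paths shown in the post.

```shell
#!/bin/sh
# Added example (not from the thread): keyfile unlock with passphrase fallback
# for an initrd init script. CRYPTSETUP and CONSOLE are overridable so the
# function can be exercised outside a real boot; the defaults match the thread.
CRYPTSETUP="${CRYPTSETUP:-/sbin/cryptsetup}"
CONSOLE="${CONSOLE:-/dev/systty}"

# keyfile_is_safe KEYFILE
# Accept only a non-empty regular file with no group/other permission bits.
keyfile_is_safe() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -r--------*|-rw-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# unlock_volume LUKSDEV CRYPTDEV KEYFILE
# Returns 0 if the keyfile opened the volume, 1 if the passphrase prompt was
# needed and succeeded, 2 if the volume could not be opened at all.
unlock_volume() {
    luksdev=$1 cryptdev=$2 keyfile=$3
    if keyfile_is_safe "$keyfile"; then
        # -d is the short form of --key-file, as used in the thread
        if $CRYPTSETUP -d "$keyfile" luksOpen "$luksdev" "$cryptdev"; then
            return 0
        fi
        echo "keyfile $keyfile rejected for $luksdev" >&2
    else
        echo "keyfile $keyfile missing or has loose permissions" >&2
    fi
    # Fall back to the interactive prompt on the console
    if $CRYPTSETUP luksOpen "$luksdev" "$cryptdev" <"$CONSOLE" >"$CONSOLE"; then
        return 1
    fi
    return 2
}
```

In the init script the call would look like `unlock_volume "${LUKSDEV}" "$CRYPTDEV" /zip/arggh`, using the keyfile path from the post.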
 
  

