LinuxQuestions.org
Old 06-25-2009, 09:18 AM   #1
lucmove
Member
 
Registered: Aug 2005
Location: Brazil
Distribution: Lubuntu, Slackware
Posts: 575

Rep: Reputation: 64
How to use key file instead of password for LUKS encrypted file systems?


I've been using LUKS encryption on my home partition for years and always typed my password at boot. Now I have an extra hard disk with encryption and have to type two passwords. So I thought I would have a key file inside my home partition to automate decryption of the second HD. I ran these commands:

# dd if=/dev/random of=/home/luc/keyfile bs=256 count=1

# cryptsetup --key-file=/home/luc/keyfile luksAddKey /dev/sdb1

# cryptsetup luksAddKey /dev/sdc1 /home/luc/keyfile

I don't remember which of the two last lines worked, but cryptsetup accepted it and 'cryptsetup luksDump' confirms the new slot.

But I still have to type two passwords at boot. What am I doing wrong?

TIA
 
Old 06-26-2009, 06:51 PM   #2
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.15.5
Posts: 1,497
Blog Entries: 12

Rep: Reputation: 155
You have to modify the initrd to read the keyfile. I'm not at my computer so I can't remember exactly how I set that up (I read mine from a removable drive), but it's not hard. (after all I figured it out!) I'll post it later if I get the chance.
 
Old 06-30-2009, 09:17 AM   #3
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.15.5
Posts: 1,497
Blog Entries: 12

Rep: Reputation: 155
Let's say the keyfile is file "arggh" on a drive mounted under /zip (previously done by the initrd) then replace lines like

# /sbin/cryptsetup luksOpen ${LUKSDEV} $CRYPTDEV </dev/systty >/dev/systty 2$

with

/sbin/cryptsetup -d /zip/arggh luksOpen ${LUKSDEV} $CRYPTDEV

in /boot/initrd-tree/init; then remake the initrd with mkinitrd (no parameters)

Last edited by mostlyharmless; 06-30-2009 at 10:41 AM. Reason: added line for clarity
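
A pre-flight check one might run before editing the initrd as described above, since the first post is unsure which luksAddKey call took effect: it confirms the keyfile is private, has the expected size, and actually unlocks the device. This is an added example, not part of the original thread; the function names are hypothetical, `stat -c` assumes GNU or BusyBox stat, and `--test-passphrase` assumes a cryptsetup version that supports it.

```shell
#!/bin/sh
# Added example: sanity checks for a LUKS keyfile before relying on it at boot.
# Function names are hypothetical; device and keyfile paths are supplied by the caller.

# keyfile_mode_ok FILE
# Succeeds only if FILE is a regular file (not a symlink) whose permission
# bits give nothing to group or other, e.g. 600 or 400.
keyfile_mode_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1
    case $mode in
        0|*00) return 0 ;;
        *)     echo "$f has mode $mode; group/other can access it" >&2; return 1 ;;
    esac
}

# keyfile_size_ok FILE MIN_BYTES
# dd with count=1 issues a single read, and a read from the random device
# can come back short, so compare the real size with what was asked for.
keyfile_size_ok() {
    size=$(stat -c '%s' "$1") || return 1
    [ "$size" -ge "$2" ] && return 0
    echo "$1 is $size bytes, expected at least $2" >&2
    return 1
}

# keyfile_unlocks DEVICE FILE
# Asks cryptsetup to verify the keyfile against the LUKS header without
# creating a mapping. Needs root and read access to DEVICE.
keyfile_unlocks() {
    cryptsetup luksOpen --test-passphrase --key-file "$2" "$1"
}

# check_keyfile DEVICE FILE [MIN_BYTES]
# Runs all three checks; MIN_BYTES defaults to 256, the size requested
# by the dd command in the first post.
check_keyfile() {
    keyfile_mode_ok "$2" &&
    keyfile_size_ok "$2" "${3:-256}" &&
    keyfile_unlocks "$1" "$2" &&
    echo "keyfile $2 unlocks $1"
}
```

Run `check_keyfile` as root against each device the keyfile is meant to open; a failure in the last step means the keyfile was not added to a slot on that device.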
 
  

