I've been using LUKS encryption on my home partition for years and always typed my password at boot. Now I have an extra hard disk with encryption and have to type two passwords. So I thought I would have a key file inside my home partition to automate decryption of the second HD. I ran these commands:

# dd if=/dev/random of=/home/luc/keyfile bs=256 count=1

# cryptsetup --key-file=/home/luc/keyfile luksAddKey /dev/sdb1

# cryptsetup luksAddKey /dev/sdc1 /home/luc/keyfile

I don't remember which of the two last lines worked, but cryptsetup accepted it and 'cryptsetup luksDump' confirms the new slot.

But I still have to type two passwords at boot. What am I doing wrong?

TIA

You have to modify the initrd to read the keyfile. I'm not at my computer so I can't remember exactly how I set that up (I read mine from a removable drive), but it's not hard. (after all I figured it out!) I'll post it later if I get the chance.

Let's say the keyfile is file "arggh" on a drive mounted under /zip (previously done by the initrd) then replace lines like

# /sbin/cryptsetup luksOpen ${LUKSDEV} $CRYPTDEV </dev/systty >/dev/systty 2$

with

/sbin/cryptsetup -d /zip/arggh luksOpen ${LUKSDEV} $CRYPTDEV

in /boot/initrd-tree/init; then remake the initrd with mkinitrd (no parameters)