You are not logged in.
- Topics: Active | Unanswered
#1 2016-08-11 21:33:33
- 1Niklas
- Member
- From: Berlin, Germany
- Registered: 2016-08-11
- Posts: 6
[SOLVED] Have keyfile to unlock LUKS partition on 2 USB drives
Hi,
I have a LUKS encrypted lvm partition, which I can unlock with a passphrase.
I then created a keyfile and copied it onto a partition on an USB drive.
So far everything works and I don't need to enter a passphrase, when the USB drive is connected to my PC
/etc/default/grub...
GRUB_CMDLINE_LINUX="cryptdevice=UUID=fad9ae9b-1836-41d5-a57d-d695317d7462:lvm cryptkey=/dev/disk/by-uuid/a3caaf61-717a-4ca5-997a-b0d5cfe826b9:ext2:/keyfile root=/dev/mapper/VolG-root"Is it somehow possible to have the keyfile copied onto another USB drive, so that the partition automatically unlock when at least one of the USB drives is connected to my PC?
I tried
/etc/default/grub...
GRUB_CMDLINE_LINUX="cryptdevice=UUID=fad9ae9b-1836-41d5-a57d-d695317d7462:lvm cryptkey=/dev/disk/by-uuid/a3caaf61-717a-4ca5-997a-b0d5cfe826b9:ext2:/keyfile cryptkey=/dev/disk/by-uuid/19612865-073e-459f-8929-a4239e6ab094:ext2:/keyfile root=/dev/mapper/VolG-root"but then I have to enter a passphrase, regardless of whether I've connected none, one or both of the USB drives
Keyfile could not be opened. Reverting to passphraseI also don't want to use /dev/sdd2 instead of an UUID, because I think this produces more problems than it solves.
I'd really appreciate it, if someone could help me with this problem 
Last edited by 1Niklas (2016-08-12 17:00:22)
Offline
#2 2016-08-11 22:19:46
- FlyingHappy
- Member
- From: Cincinnati, OH
- Registered: 2011-04-18
- Posts: 192
Re: [SOLVED] Have keyfile to unlock LUKS partition on 2 USB drives
Somebody correct me if I am wrong, but wouldn't dd copying the USB drives give the same UUID for both devices solving this issue?
Offline
#3 2016-08-11 22:35:59
- frostschutz
- Member
- Registered: 2013-11-15
- Posts: 1,418
Re: [SOLVED] Have keyfile to unlock LUKS partition on 2 USB drives
This would also be my suggestion, for a quick and dirty hack, give both the same UUID (or LABEL). No need to dd copy, you can usually just set the UUID directly using some filesystem tool. (tune2fs -U uuid for ext)
But you have to keep this in mind, if you are not aware that you have duplicate UUIDs, it can really bite you in the rear end...
If you want to do it properly, add a custom hook that does whatever.
Last edited by frostschutz (2016-08-11 22:36:29)
Offline
#4 2016-08-12 17:00:14
- 1Niklas
- Member
- From: Berlin, Germany
- Registered: 2016-08-11
- Posts: 6
Re: [SOLVED] Have keyfile to unlock LUKS partition on 2 USB drives
Thank you guys
I gave both of the partitions the same label, which doesn't seem to be a problem, as they both only have the file to unlock the encrypted partition on it
Offline