
#1 2008-09-28 00:06:07

DarkDEUS
Member
Registered: 2008-09-27
Posts: 5

Init Boot-Up Decryption (is this possible?)

Hey guys, I have a quick question. My partitions (root and swap) are encrypted by LUKS using a GnuPG encrypted keyfile which is located on my TrueCrypt encrypted USB drive. Is the init script capable of decrypting my USB drive to gain access to the GnuPG encrypted keyfile, where it could then decrypt the GnuPG keyfile and thus parse the output over to LUKS for it to decrypt the partitions? Thanks.

Last edited by DarkDEUS (2008-09-28 00:06:34)


#2 2008-09-28 07:26:47

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: Init Boot-Up Decryption (is this possible?)

No, with the current state of things, you can only use a key on an unencrypted USB with your setup.
[EDIT: Forgot to say, gpg decryption of keys is also not supported.]

A few remarks: this needs to be done *before* the root partition is mounted (obviously), hence it's the initramfs which needs to do it. Initramfs on Arch is automatically generated on kernel updates, the package is mkinitcpio. See http://wiki.archlinux.org/index.php/Mkinitcpio. See also http://wiki.archlinux.org/index.php/LUKS

So, if you want to make your setup work, what you need to do is to understand how the things are done, and then modify the encrypt hook (part of the cryptsetup package). Or you can create the whole initramfs yourself, not relying on mkinitcpio.

Last edited by bender02 (2008-09-28 07:29:03)

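An added illustration of the kind of hook modification post #2 describes (not code from the thread, from mkinitcpio or from the cryptsetup package): a runtime hook that decrypts a GnuPG-encrypted keyfile and pipes the key to cryptsetup. It assumes an unencrypted USB stick (the TrueCrypt layer is left out), a gpg binary in the initramfs that can prompt for its passphrase on the console, and hypothetical device paths, file names and hook name.

```shell
#!/bin/sh
# Sketch of a custom mkinitcpio runtime hook, e.g. /etc/initcpio/hooks/gpgkey
# (hypothetical name). Every path and name below is an assumption.
KEYDEV="${KEYDEV:-/dev/disk/by-label/KEYS}"  # unencrypted USB stick
KEYMNT="${KEYMNT:-/ckey}"                    # temporary mount point
KEYFILE="${KEYFILE:-root.key.gpg}"           # GnuPG-encrypted LUKS key
CRYPTDEV="${CRYPTDEV:-/dev/sda2}"            # LUKS container holding root
MAPNAME="${MAPNAME:-root}"                   # becomes /dev/mapper/root
KEYWAIT="${KEYWAIT:-10}"                     # seconds to wait for the stick

# Wait up to $2 seconds for $1 to appear; USB storage enumerates late.
wait_for_dev() {
    n=0
    while [ ! -e "$1" ]; do
        [ "$n" -ge "$2" ] && return 1
        sleep 1
        n=$((n + 1))
    done
}

# Decrypt the keyfile and stream the key into cryptsetup through a pipe,
# so the plaintext key is never written to a file. If gpg fails, cryptsetup
# receives an empty key and fails too, so its exit status covers both.
unlock_root() {
    gpg --quiet --decrypt "$KEYMNT/$KEYFILE" |
        cryptsetup open --type luks --key-file - "$CRYPTDEV" "$MAPNAME"
}

# Entry point that mkinitcpio's init calls before root is mounted.
run_hook() {
    wait_for_dev "$KEYDEV" "$KEYWAIT" || {
        echo "gpgkey: key device $KEYDEV not found" >&2
        return 1
    }
    mkdir -p "$KEYMNT"
    mount -o ro "$KEYDEV" "$KEYMNT" || return 1
    rc=0
    unlock_root || rc=$?
    umount "$KEYMNT"   # release the stick whether or not unlocking worked
    return "$rc"
}
```

A matching install script would also have to place gpg and cryptsetup in the image, and the hook would replace `encrypt` in the HOOKS line of mkinitcpio.conf.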
