You are not logged in.
I'm trying to create a secure shared workstation to be used by people I trust.
- The root of the workstation should be encrypted
- Each (real-life) user must have their home directory contents stored encrypted on their USB-stick
I'm wondering whether the following is possible with Archlinux:
Each user would have an USB-stick containing one encrypted partition (using LUKS). The workstation would have an encrypted root (also using LUKS) using a single key which is stored on each of the encrypted USB-sticks (say in the file secure_pc_key).
(1) On boot, the user would have his/her USB-stick inserted into the workstation. He/she would enter the passphrase to unlock the encrypted partition on their USB-stick, and the key for the encrypted root will be read from the secure_pc_key file on the unlocked partition on the USB-stick.
(2) The partition on the USB stick will be mounted to be used as the home directory for the user user (yes, that's a single username for all the different real-life users) and user will be automatically logged in.
This is slightly different from the 'using a usb stick as the key to your encrypted root'-technique as described on the LUKS_Encrypted_Root wiki.
Any idea's/pointers?
Offline
Could someone move this post to 'Desktop Environments'? I'm getting the impression I posted this in the wrong subforum.
Offline