
#1 2009-06-03 07:42:52

cyberpatrol
Member
From: Germany
Registered: 2006-11-22
Posts: 68

/etc/crypttab with hidden key possible?

I've encrypted my hard disk with dm-crypt/LUKS as described in the wiki.

I've created two key files, one for the root partition and one for the non-root partitions.

The key file for the root partition is saved hidden on a USB key, as described in the chapter "Storing the key between MBR and 1st partition".
The key file for the non-root partitions is currently saved as a file in /etc (/etc/keyfile).

In /boot/grub/menu.lst I have a kernel parameter like this for the root partition:
cryptkey=/dev/usbkey:16531246:2048
(I've created a udev rule that creates the device /dev/usbkey.)

And in /etc/crypttab I have a line like this for the non-root partitions:
home        /dev/hda3        /etc/keyfile

But this can be a security issue if the root partition is mounted and the root account gets hacked, even if it's not that likely.

Is it possible to store the key file for the non-root partition hidden on a USB stick, the same way as it can be done for the key file for the root partition as described in the wiki?

And what has to be entered in /etc/crypttab to access this hidden key?
That is, can /etc/crypttab also handle devices like /dev/usbkey:16531246:2048 or something similar?


#2 2009-06-10 23:24:25

cyberpatrol
Member
From: Germany
Registered: 2006-11-22
Posts: 68

Re: /etc/crypttab with hidden key possible?

Found out that this is currently not possible, but I've filed a feature request.

Last edited by cyberpatrol (2009-06-10 23:24:48)
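
What the thread asks for, as an added example that is not part of either post: a shell helper that reads a key from a raw device:offset:size region (the form of the cryptkey= parameter in post #1) and opens a non-root volume with it, for use from a boot script where /etc/crypttab cannot express the region. The function names and the /run temporary path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). SPEC is device:offset:size, the form
# of the cryptkey= parameter in post #1; all function names are hypothetical.

# Split SPEC into KEY_DEV, KEY_OFFSET, KEY_SIZE; return 1 if malformed.
parse_key_spec() {
    case $1 in *:*:*) ;; *) return 1 ;; esac
    KEY_SIZE=${1##*:}
    rest=${1%:*}
    KEY_OFFSET=${rest##*:}
    KEY_DEV=${rest%:*}
    [ -n "$KEY_DEV" ] && [ -n "$KEY_OFFSET" ] && [ -n "$KEY_SIZE" ] || return 1
    # Offset and size must be plain decimal numbers, size non-zero.
    case $KEY_OFFSET$KEY_SIZE in *[!0-9]*) return 1 ;; esac
    [ "$KEY_SIZE" -gt 0 ] || return 1
}

# Copy the key region named by SPEC ($1) into file $2 with mode 0600.
# A short read (region past the end of the device) is an error.
read_key_region() {
    parse_key_spec "$1" || { echo "bad key spec: $1" >&2; return 1; }
    ( umask 077
      dd if="$KEY_DEV" of="$2" bs=1 skip="$KEY_OFFSET" count="$KEY_SIZE" \
         2>/dev/null ) || { rm -f "$2"; return 1; }
    got=$(($(wc -c < "$2")))
    if [ "$got" -ne "$KEY_SIZE" ]; then
        rm -f "$2"
        echo "short read: $got of $KEY_SIZE bytes" >&2
        return 1
    fi
}

# unlock_hidden NAME DEVICE SPEC, e.g. with the thread's values:
#   unlock_hidden home /dev/hda3 /dev/usbkey:16531246:2048
# Assumes /run is a tmpfs, so the key copy never reaches the disk.
unlock_hidden() {
    tmp=/run/$1.key
    read_key_region "$3" "$tmp" || return 1
    rc=0
    cryptsetup luksOpen --key-file "$tmp" "$2" "$1" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Current cryptsetup releases also accept --keyfile-offset and --keyfile-size, which read such a region directly from the device without a temporary copy.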
