Reviewed-on: #4 Reviewed-by: Heiko Schlittermann <hs@schlittermann.de>

| File |
|---|
| debian |
| .gitignore |
| .shellcheckrc |
| luks-keyscript |
| luks-keyscript.conf.ex |
| luks-keyscript.initramfs-hook |
| Makefile |
| README.md |
| zzz-getopt.ex |
| zzz-util-linux-mount.ex |

Keyscript for luks unlocking via USB stick
This is a simple keyscript that can be used to automatically open
a Luks device with a key stored on a removable file system (e.g. a USB
stick).
Preparation
This section explains how to use a USB stick for holding the Luks passphrase. For complete and up-to-date information, please consult the manpage.
- Create a file system on the USB stick.

- Get the UUID of the block device containing this file system (not the file system UUID, but the UUID of the block device!).

- Create the Luks key on this file system (e.g. with file name `key`):

  ```
  head -c 128 </dev/random > .../key
  ```

- Create a config file `/etc/luks-keyscript.conf`:

  ```
  # configuration for luks-keyscript
  # Format
  # target: settings
  # where settings are key=value pairs for
  # - dev: device description (e.g. "UUID=abcd-efgh" or "LABEL=xyz")
  # for the *block* device containing the filesystem and file
  # - fs: file type on the above mentioned block device (e.g. "ext4")
  # - file: file name relative to the root of the above file system
  #ex: md1_crypt dev=UUID=c2720d9f-53d0-4150-94d8-0a55e4d212d0 fs=ext4 file=key
  ```

- Edit the `/etc/crypttab` accordingly:

  ```
  <TARGET> <SOURCE> none keyscript=/usr/bin/luks-keyscript,luks,discard
  ```

- Re-create the initrd.
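
A pre-flight check for the config file step, added here as an example and not part of luks-keyscript: it lints `/etc/luks-keyscript.conf` entries before the initrd is rebuilt, so a broken entry is caught before the next boot. The function names `check_entry` and `lint_conf`, the optional `:` after the target, the restriction to the `UUID=`/`LABEL=` device forms and the rejection of `..` in `file` are assumptions of this example, not documented behaviour of the script.

```shell
#!/bin/sh
# Added example, not part of luks-keyscript: lint entries of the form
#   target[:] dev=... fs=... file=...
# Assumptions: the ":" after the target is optional; only the dev forms the
# README names (UUID=, LABEL=) are accepted; ".." in file is rejected.

# check_entry LINE: print a diagnosis; return 0 if usable or ignorable, 1 if not.
check_entry() {
    set -f                      # no globbing while the line is split into words
    # shellcheck disable=SC2086
    set -- $1
    set +f
    case ${1-} in
        ''|'#'*) echo "skip"; return 0 ;;   # blank line or comment
    esac
    target=${1%:}; shift
    dev='' fs='' file=''
    for kv in "$@"; do
        case $kv in
            dev=*)  dev=${kv#dev=} ;;
            fs=*)   fs=${kv#fs=} ;;
            file=*) file=${kv#file=} ;;
            *)      echo "$target: unknown setting '$kv'"; return 1 ;;
        esac
    done
    [ -n "$dev" ]  || { echo "$target: missing dev=";  return 1; }
    [ -n "$fs" ]   || { echo "$target: missing fs=";   return 1; }
    [ -n "$file" ] || { echo "$target: missing file="; return 1; }
    case $dev in
        UUID=?*|LABEL=?*) ;;
        *) echo "$target: dev must be UUID=... or LABEL=..."; return 1 ;;
    esac
    case /$file/ in
        */../*) echo "$target: file must stay inside the key file system"; return 1 ;;
    esac
    echo "$target: ok"
}

# lint_conf FILE: check every line; return 1 if any entry is unusable.
lint_conf() {
    rc=0
    while IFS= read -r l || [ -n "$l" ]; do
        check_entry "$l" >/dev/null || { echo "bad entry: $l" >&2; rc=1; }
    done <"$1"
    return $rc
}

# Constructed sample entry, checked when the file is run directly.
check_entry 'md1_crypt dev=UUID=c2720d9f-53d0-4150-94d8-0a55e4d212d0 fs=ext4 file=key'
```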