On 2016-11-26 22:06, Chan Ju Ping wrote:
> On Saturday, November 26, 2016 9:51:01 PM CST Carlos E. R. wrote:
>> I have notes on the exact procedure somewhere, but the above might be enough of a hint to guide you. If not, I'll search for my notes.
> I will search around for a guide with your hints. Thanks for the quick response!
Here they are. Device names obviously you have to change for your own. I see I also use scripts of my own (crypto_*), but you should be able to do without them. Otherwise, I can post a copy of them.
I'm a bit tired now, so I have not stopped to clarify points. I can explain another day.
Full disk encryption chaining with dm-crypt, cryptsetup and luks [TB]
Generate a random key, stored in a file in the first encrypted partition.
dd iflag=fullblock if=/dev/random of=the_hoard_keyfile bs=512 count=8
cryptsetup luksAddKey /dev/sdd1 /home/cer/Keys/the_hoard_keyfile
crypto_unmap cr_hoard2
cryptsetup luksOpen --key-file=/home/cer/Keys/the_hoard_keyfile /dev/sdd1 cr_hoard2
crypto_mount cr_hoard2
crypto_unmap cr_hoard2
systemctl daemon-reload
AmonLanc:~ # systemctl start systemd-cryptsetup@cr_hoard2
cr_hoard /dev/disk/by-uuid/f1f26736-b801-4c95-b1f0-f5de2ec77939 /home/cer/Keys/the_hoard_keyfile auto
AmonLanc:~ # cryptsetup luksOpen --key-file=/home/cer/Keys/the_hoard_keyfile /dev/sdb1 cr_hoard
AmonLanc:~ #
AmonLanc:~ # crypto_unmap cr_hoard
Preparando. Cf.
Device cr_hoard is not active.
AmonLanc:~ # crypto_map cr_hoard
Preparando. Cf.
Enter passphrase for /dev/disk/by-uuid/f1f26736-b801-4c95-b1f0-f5de2ec77939:
Error reading passphrase from terminal.
AmonLanc:~ # systemctl start systemd-cryptsetup@cr_hoard
AmonLanc:~ #
(Systemd recognizes this after insisting with systemctl daemon-reload, but not immediately.)
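
A check to run once a key file is referenced from a crypttab entry like the one in the notes above. This is an added example, not part of the original message or of cryptsetup/systemd: it reports key files that are missing or accessible to group/other. The function names, the constructed sample entries and the 600/400 expectation are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit the key files named in a crypttab-format file.

# audit_crypttab FILE
# Prints one finding per entry whose key file is missing or accessible to
# group/other; returns 0 when clean, 1 otherwise. The 600/400 expectation is
# this example's assumption, not something stated in the thread.
audit_crypttab() {
    local tab=$1 name dev key opts mode rc=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|\#*) continue ;; esac            # blank or comment
        case $key in ''|none|-|/dev/*) continue ;; esac   # no key file on disk
        if [ ! -f "$key" ]; then
            echo "$name: key file $key is missing or not a regular file"
            rc=1
            continue
        fi
        mode=$(stat -c %a "$key")        # octal mode, e.g. 600
        case $mode in
            *00|0) ;;                    # no group/other bits set
            *) echo "$name: key file $key has mode $mode, want 600 or 400"
               rc=1 ;;
        esac
    done < "$tab"
    return "$rc"
}

# demo: runs the audit over constructed sample data in a temporary directory.
# Mapping names follow the thread; device paths and key files are made up.
demo() {
    local d rc
    d=$(mktemp -d)
    head -c 4096 /dev/urandom > "$d/good_keyfile";  chmod 600 "$d/good_keyfile"
    head -c 4096 /dev/urandom > "$d/loose_keyfile"; chmod 644 "$d/loose_keyfile"
    cat > "$d/crypttab" <<EOF
# name     device                           keyfile             options
cr_hoard   /dev/disk/by-uuid/CONSTRUCTED-1  $d/good_keyfile     auto
cr_hoard2  /dev/disk/by-uuid/CONSTRUCTED-2  $d/loose_keyfile    auto
cr_swap    /dev/disk/by-uuid/CONSTRUCTED-3  /dev/urandom        swap
cr_home    /dev/disk/by-uuid/CONSTRUCTED-4  none
cr_gone    /dev/disk/by-uuid/CONSTRUCTED-5  $d/no_such_keyfile  auto
EOF
    audit_crypttab "$d/crypttab" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; elif [ -n "${1:-}" ]; then audit_crypttab "$1"; fi
```

Run it as `./audit.sh demo` for the constructed data, or pass the path of a crypttab file to audit that file.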