On Tuesday, 2008-10-14 at 09:54 +0100, Bob Williams wrote:
Following the spate of lost government laptops and hard drives in the UK recently, I decided to encrypt the /home partition on my laptop. And, no, it doesn't contain any state secrets ;)
When I boot up, I now have to type in the passphrase to allow mounting of /home, as expected. What I would like to do is put a passphrase onto a USB memory stick, which would have to be present to allow the machine to boot properly.
I have created a textfile on the memory stick called (for the sake of argument) /media/disk/this_is_my_passphrase, which contains the one line passphrase which I created with the following:
I'm not clear on how to do it, but the best thing seems to be to have a passphrase in "biological memory", and a... ¿long key? in external media.
# cryptsetup luksAddKey /dev/sda3 /media/disk/this_is_my_passphrase
How do I get the system to mount the USB memory stick *before* it tries to mount /home, so that the alternative passphrase can be found?
That part I know :-)

You can not use "fstab", or the system will fail booting if the stick is not in, and go into fsck mode. But you can add an init script that mounts the stick if present. The stick filesystem should have a label to make this easier.

If you don't know how to make that script, ask again :-)

-- 
Cheers,
Carlos E. R.
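A sketch of the kind of init script the reply describes, added here as an example and not written by either poster: it mounts the stick by label only if it is plugged in, unlocks the partition with the key file, and unmounts the stick again. The label `KEYSTICK`, the mapping name `cr_home` and the mount point `/mnt/keystick` are assumptions; `/dev/sda3` and the key file name come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: label KEYSTICK,
# mapping cr_home, mount point /mnt/keystick.
LABEL_DIR=${LABEL_DIR:-/dev/disk/by-label}
STICK_LABEL=${STICK_LABEL:-KEYSTICK}
STICK_MNT=${STICK_MNT:-/mnt/keystick}
KEY_NAME=${KEY_NAME:-this_is_my_passphrase}   # file name from the thread
LUKS_DEV=${LUKS_DEV:-/dev/sda3}               # partition from the thread
MAP_NAME=${MAP_NAME:-cr_home}

# Returns 0 if the volume is open, 1 if the stick or key file is absent
# (the normal passphrase prompt then applies), 2 on any other failure.
unlock_home() {
    # Already unlocked: nothing to do.
    cryptsetup status "$MAP_NAME" >/dev/null 2>&1 && return 0
    # udev creates this symlink only while the labelled stick is plugged in,
    # so a missing stick never blocks the boot the way an fstab entry would.
    [ -e "$LABEL_DIR/$STICK_LABEL" ] || return 1
    mkdir -p "$STICK_MNT" || return 2
    # Read-only, no exec/suid/dev: the stick is only a key carrier.
    mount -o ro,noexec,nosuid,nodev "$LABEL_DIR/$STICK_LABEL" "$STICK_MNT" || return 2
    result=1
    if [ -f "$STICK_MNT/$KEY_NAME" ]; then
        if cryptsetup luksOpen "$LUKS_DEV" "$MAP_NAME" --key-file "$STICK_MNT/$KEY_NAME"; then
            result=0
        else
            result=2
        fi
    fi
    # Do not leave the key file mounted once it has been used.
    umount "$STICK_MNT" || echo "warning: could not unmount $STICK_MNT" >&2
    return $result
}

case "${1:-}" in
    start)
        unlock_home || echo "key stick not used; unlock /home with the passphrase" >&2
        ;;
esac
```

The key file on the stick is stored in the clear, so whoever holds both the stick and the laptop can open /home; the memorised passphrase stays valid in its own key slot.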