Hi,

On 22.01.19 at 08:45, Adam Mizerski wrote:
1) There was a similar thread, you might find interesting: https://lists.opensuse.org/archive/opensuse/2018-12/msg00127.html
thanks for the pointer. I missed that.
2) Show a link to the howto you found.
https://github.com/cornelinux/yubikey-luks
https://www.golem.de/news/systemverschluesselung-yubikeys-zwei-faktor-authen... (German, pretty much a translation from the GitHub README)
3) LUKS has 8 slots for various keys to unlock the partition. You can set up 3 passwords and 2 keyfiles and you need at least one to unlock (https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Key_manageme...). This should keep you safe from losing access to your data.
That's along the lines of what I found already. But for me this stops pretty immediately when trying to check prerequisites.

# cryptsetup status /dev/mapper/cr_home
/dev/mapper/cr_home is active and is in use.
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 256 bits
  key location: dm-crypt
  device:  /dev/nvme0n1p7
  sector size:  512
  offset:  4096 sectors
  size:    888360960 sectors
  mode:    read/write

but

# cryptsetup luksDump /dev/mapper/cr_home
Device /dev/mapper/cr_home is not a valid LUKS device.

So I'm not even sure I can continue to add keys. The encrypted FS is what YaST created when I installed Tumbleweed roughly a year ago. Is it usable at all? Seems I need a virtual playground first before trying to fiddle with my real hardware and break something.

Wolfgang
On 21.01.2019 at 23:26, Wolfgang Rosenauer wrote:
as I understand from searching around it should be possible to do something like 2FA for crypto devices (LUKS). Or at least some challenge response.
I've got a Yubikey and I found an Ubuntu howto. Because this is a bit of a risky implementation when my crypted home partition is not accessible anymore I'm a bit hesitant to experiment like I do typically.
Therefore: Does anyone have a pointer to a HOWTO which works for openSUSE Tumbleweed?
Thanks, Wolfgang
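
Added example (not part of the thread): `cryptsetup luksDump` reads the LUKS header, which sits on the backing device that `cryptsetup status` reports in its `device:` line, not on the opened `/dev/mapper` mapping. The sketch below pulls that field out of the status output quoted above and inspects the header there; the function names and the backup file argument are made up for this example.

```shell
#!/bin/sh
# `cryptsetup status` output as quoted in the message above (embedded sample).
SAMPLE_STATUS='/dev/mapper/cr_home is active and is in use.
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 256 bits
  key location: dm-crypt
  device:  /dev/nvme0n1p7
  sector size:  512
  offset:  4096 sectors
  size:    888360960 sectors
  mode:    read/write'

# status_field NAME: read `cryptsetup status` text on stdin and print the
# value of the line that starts with "NAME:". Exit status 1 if absent.
status_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }                 # drop the indentation
        index($0, key ":") == 1 {              # line begins with "NAME:"
            val = substr($0, length(key) + 2)
            sub(/^[ \t]+/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# inspect_header MAPPING: live check, needs root and an open mapping.
# Resolves the backing device, confirms it holds a LUKS header and
# dumps it, which lists the key slots that are in use.
inspect_header() {
    status=$(cryptsetup status "$1") || return 1
    dev=$(printf '%s\n' "$status" | status_field device) || return 1
    cryptsetup isLuks "$dev" || { echo "$dev has no LUKS header" >&2; return 1; }
    cryptsetup luksDump "$dev"
}

# backup_header MAPPING FILE: save the header before changing key slots.
# The backup contains the key slots, so store it as carefully as a key.
backup_header() {
    status=$(cryptsetup status "$1") || return 1
    dev=$(printf '%s\n' "$status" | status_field device) || return 1
    cryptsetup luksHeaderBackup "$dev" --header-backup-file "$2"
}

# Offline demonstration on the embedded sample.
printf 'header is on: %s\n' "$(printf '%s\n' "$SAMPLE_STATUS" | status_field device)"
```

On a real system, source the file as root and call `inspect_header cr_home`; any later `luksAddKey` is also pointed at the backing device.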