On Tuesday 14 October 2008 11:18:33 Carlos E. R. wrote:
On Tuesday, 2008-10-14 at 09:54 +0100, Bob Williams wrote:
Following the spate of lost government laptops and hard drives in the UK recently, I decided to encrypt the /home partition on my laptop. And, no, it doesn't contain any state secrets ;)
When I boot up, I now have to type in the passphrase to allow mounting of /home, as expected. What I would like to do is put a passphrase onto a USB memory stick, which would have to be present to allow the machine to boot properly.
I have created a textfile on the memory stick called (for the sake of argument) /media/disk/this_is_my_passphrase, which contains the one line passphrase which I created with the following:
I'm not clear on how to do it, but the best thing seems to be to have a passphrase in "biological memory", and a... ¿long key? in external media.
# cryptsetup luksAddKey /dev/sda3 /media/disk/this_is_my_passphrase
How do I get the system to mount the USB memory stick *before* it tries to mount /home, so that the alternative passphrase can be found?
That part I know :-)
You cannot use "fstab", or the system will fail booting if the stick is not in, and go into fsck mode. But you can add an init script that mounts the stick if present. The stick filesystem should have a label to make this easier.
If you don't know how to make that script, ask again :-)
Great! Yes, please. I'm ready for my script writing tutorial :)

The reason I want to do this is 1) I like learning new tricks, 2) I'd like to make it difficult for anyone who stole/found my laptop to get into it. OTOH I don't want it to be too cumbersome for me to use, hence this compromise between an open system and a long passphrase held in 'biological memory'.

Thanks,
Bob
--
Registered Linux User #463880
FSFE Member #1300
GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E
openSUSE 11.0, Kernel 2.6.25.11-0.1-default, KDE 4.1.1
Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
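
An added example, not part of the thread and not written by either poster: an init-style script that follows the suggestion above (mount the labelled stick only if it is present) and falls back to the typed passphrase otherwise. The label KEYSTICK, the mount point /mnt/keystick and the mapping name cr_home are assumptions; /dev/sda3 and the key file name are the ones used in the thread.

```shell
#!/bin/sh
# Added example. Assumed names: label KEYSTICK, mount point /mnt/keystick,
# mapping cr_home. Device and key file name are taken from the thread.
LABEL=${LABEL:-KEYSTICK}
BY_LABEL=${BY_LABEL:-/dev/disk/by-label}  # udev: one symlink per filesystem label
MNT=${MNT:-/mnt/keystick}
KEYNAME=${KEYNAME:-this_is_my_passphrase}
LUKS_DEV=${LUKS_DEV:-/dev/sda3}
MAPPING=${MAPPING:-cr_home}

# Print the stick's device node if it is plugged in; fail otherwise.
stick_device() {
    [ -e "$BY_LABEL/$LABEL" ] || return 1
    printf '%s\n' "$BY_LABEL/$LABEL"
}

# Accept a key file only if it is a non-empty regular file, not a symlink.
key_usable() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ]
}

# Decide how the LUKS volume will be unlocked: "keyfile" or "passphrase".
unlock_mode() {
    if stick_device >/dev/null && key_usable "$MNT/$KEYNAME"; then
        echo keyfile
    else
        echo passphrase
    fi
}

unlock_home() {
    mkdir -p "$MNT"
    if dev=$(stick_device); then
        # The stick only carries a key: mount it read-only, no exec/suid/dev.
        mount -o ro,nosuid,nodev,noexec "$dev" "$MNT" || true
    fi
    if [ "$(unlock_mode)" = keyfile ]; then
        cryptsetup luksOpen "$LUKS_DEV" "$MAPPING" --key-file "$MNT/$KEYNAME"
    else
        # Stick absent or key unusable: prompt for the typed passphrase.
        cryptsetup luksOpen "$LUKS_DEV" "$MAPPING"
    fi
    rc=$?
    umount "$MNT" 2>/dev/null || true   # do not leave the key mounted after boot
    return $rc
}

case "${1:-}" in
    start) unlock_home ;;
esac
```

The script has to run before /home is mounted, and /home is then mounted from /dev/mapper/cr_home. Because the stick is not listed in fstab, a missing stick does not stop the boot.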