computer:ubuntu:keyfile-based_luks_decryption


from https://davidyat.es/2015/04/03/encrypting-a-second-hard-drive-on-ubuntu-14-10-post-install/

See also this c't article: ct.21.21.158-160.pdf

# Create keyfile on encrypted partition
sudo dd if=/dev/urandom of=/srv/.keyfile bs=1024 count=4
sudo chmod 0400 /srv/.keyfile
sudo cryptsetup luksAddKey /dev/sdc1 /srv/.keyfile
# Now one more key slot should be in use
sudo cryptsetup luksDump /dev/sdc1

To decrypt the backup disk manually:

sudo cryptsetup luksOpen /dev/sdc1 enc-backupCopy1 --key-file=/srv/.keyfile
# The value you want is the UUID of /dev/sd?X, not /dev/mapper/sd?X_crypt.
# Also make sure to copy the UUID, not the PARTUUID.
sudo blkid

Now that the keyfile’s been made, you’ll need to add the following line to /etc/crypttab to automatically use it to unlock the partition on startup.

# /etc/crypttab
# (New encrypted partition with the keyfile that was generated; the third field
# is the keyfile path and must be the file added with luksAddKey above)
sd?X_crypt UUID=<device UUID> /srv/.keyfile luks,discard

# /etc/fstab
/dev/mapper/sd?X_crypt  /<mount-point>   ext4    defaults        0       2
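
A keyfile that unlocks a disk at boot is only as protected as its path and permissions, so it is worth checking every keyfile a crypttab names. The script below is an added example, not part of the original page or the article it cites: the function names check_crypttab and demo, the status words and the sample entries are made up for illustration, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit the key files named in a crypttab-format file.
# check_crypttab FILE [OWNER_UID]  (owner defaults to 0, i.e. root)
# Prints one status line per key-file entry; returns 1 if any is not OK.
check_crypttab() {
    want_uid=${2:-0}
    rc=0
    # crypttab fields: mapping name, source device, key file, options
    while read -r name device keyfile options || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        # skip passphrase entries and device keys such as /dev/urandom
        case "$keyfile" in ''|none|-|/dev/*) continue ;; esac
        if [ ! -f "$keyfile" ]; then
            echo "$name MISSING $keyfile"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$keyfile")   # GNU stat; octal, e.g. 400
        uid=$(stat -c '%u' "$keyfile")
        case "$mode" in
            *00|0) ;;                     # no group/other permission bits
            *) echo "$name LOOSE_MODE $mode $keyfile"; rc=1; continue ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "$name WRONG_OWNER $uid $keyfile"; rc=1; continue
        fi
        echo "$name OK $keyfile"
    done < "$1"
    return "$rc"
}

# Constructed demo data (not a real system): good, loose, missing, no-file.
demo() {
    d=$(mktemp -d) || return 2
    dd if=/dev/urandom of="$d/good.key" bs=1024 count=4 2>/dev/null
    cp "$d/good.key" "$d/loose.key"
    chmod 0400 "$d/good.key"; chmod 0644 "$d/loose.key"
    cat > "$d/crypttab" <<EOF
# constructed sample
backup_crypt UUID=00000000-0000-0000-0000-000000000001 $d/good.key luks,discard
data_crypt   UUID=00000000-0000-0000-0000-000000000002 $d/loose.key luks
old_crypt    UUID=00000000-0000-0000-0000-000000000003 $d/gone.key luks
swap_crypt   /dev/sdz9 /dev/urandom swap
root_crypt   UUID=00000000-0000-0000-0000-000000000004 none luks
EOF
    status=0; check_crypttab "$d/crypttab" "$(id -u)" || status=$?
    rm -rf "$d"
    return "$status"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real system, call check_crypttab /etc/crypttab as root so that the root-owned 0400 keyfile can be read and the default owner check (UID 0) applies.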
  • computer/ubuntu/keyfile-based_luks_decryption.1636957161.txt.gz
  • Last modified: 2021/11/15 06:19
  • by springm