[dm-crypt] passfrase or dev_random for keyfile of a dmcrypt_swap

Heinz Diehl htd at fancy-poultry.org
Wed Apr 21 10:34:17 CEST 2010


On 20.04.2010, Si St wrote: 

> To Heinz: Would not a pre-generated keyfile need to be opened by a passfrase?

No, the keyfile itself is the "passphrase". I'm not talking about the
master key here, what I mean is something like

 dd if=/dev/urandom of=keyfile bs=64 count=1
 cryptsetup luksFormat /dev/sdx /path/to/keyfile
 
You could now e.g. do something like

 swap /dev/sdx /path/to/keyfile swap
 
in your crypttab, save the keyfile somewhere on the encrypted root
partition and open the swapspace using a bootscript after your root partition 
has been mapped. You could then backup the keyfile in a safe place and use
it to map the swap partition manually if desired (in the scenario you
described).



More information about the dm-crypt mailing list