[dm-crypt] passfrase or dev_random for keyfile of a dmcrypt_swap
Heinz Diehl
htd at fancy-poultry.org
Wed Apr 21 10:34:17 CEST 2010
On 20.04.2010, Si St wrote:
> To Heinz: Would not a pre-generated keyfile need to be opened by a passphrase?
No, the keyfile itself is the "passphrase". I'm not talking about the
master key here, what I mean is something like

    dd if=/dev/urandom of=keyfile bs=64 count=1
    cryptsetup luksFormat /dev/sdx /path/to/keyfile

You could now e.g. do something like

    swap /dev/sdx /path/to/keyfile swap

in your crypttab, save the keyfile somewhere on the encrypted root
partition and open the swapspace using a bootscript after your root partition
has been mapped. You could then back up the keyfile in a safe place and use
it to map the swap partition manually if desired (in the scenario you
described).
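
Added example, not part of the original message: since the keyfile acts as the passphrase, anyone who can read it can open the swap volume, so it should be created owner-only and checked before it is referenced from crypttab. The function names and the idea of auditing size and mode are assumptions of this example; the 64-byte size follows the dd command above.

```shell
#!/bin/sh
# Added example (not from the original post): create a 64-byte keyfile the way
# the post does with dd, but owner-only from the first byte, and audit a
# keyfile before it is used in crypttab.

make_keyfile() {
    # $1 = keyfile path (hypothetical). Refuses to overwrite an existing key,
    # because replacing it would make an already formatted volume unopenable.
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    (
        umask 077   # file is created as 0600, never briefly world-readable
        dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null
    ) || return 1
}

check_keyfile() {
    # $1 = keyfile path. Returns 0 if the file looks safe to use, otherwise
    # prints the reason and returns 1.
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file"
        return 1
    fi
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -ne 64 ]; then
        echo "$f: expected 64 bytes, found $size"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: readable or writable by group/other"
        return 1
    fi
    return 0
}
```

Run check_keyfile on the copy stored on the encrypted root and on any backup copy; a backup kept on unencrypted media defeats the purpose regardless of its file mode.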