[dm-crypt] Using a removable-device-recorded passphrase to decrypt a system

Arbiel (gmx) arbiel.perlacremaz at gmx.fr
Thu Jun 25 16:57:33 CEST 2015


Hi

I decided to use a 512-byte randomly generated passphrase to crypt my
system partition. I recorded this passphrase on a removable device (USB
key) and correctly wrote the crypttab and fstab files and updated my
initrd.img for all this to work.

I am anxious now to replicate my passphrase on additionnal USB keys, in
case my primary USB key get lost or damaged.

For some reasons, I cannot name all partitions where my passphrase will
be recorded with a unique label.

I tried to write several lines in the crypttab file for defining as many
passphrase locations as necessary such as
root UUID=uuid /dev/disk/by-label/USBkey1/passphrase:x
luks,keyscript=/lib/cryptsetup/scripts/passdev
root UUID=uuid /dev/disk/by-label/USBkey2/passphrase:x
luks,keyscript=/lib/cryptsetup/scripts/passdev
and so on, but this does not work.

I thank in advance anybody who can advise me on how to solve this issue.

Arbiel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20150625/f9afff7f/attachment.asc>


More information about the dm-crypt mailing list