[dm-crypt] Encrypting several disks with the same password + keyfile combinaison

Xavier MONTILLET xavierm02.net at gmail.com
Mon Apr 14 21:24:47 CEST 2014


I have a laptop with a SSD (which will contain the root) and a HDD (which
will contain space-consuming things such as /home) and I would like to
encrypt everything it contains with a keyfile and a password. I also have a
non-encrypted USB key that will contain /boot and the initrd. I also would
like to be able to backup the keyfile easily without having to back up
something actually bigger than the keyfile.

After reading the whole FAQ, what I've understood leads me to organize
things as follow:

--- (A) Disk layout ---

- Two unencrypted partitions on the USB key:
  * boot-fs: will be mounted as /boot and contains the initrd
  * key-fs: will contain the keyfile (it is not on boot-fs because there is
no point keeping it mounted after leaving the initrd, and I can always
mount it manually if I need it to change the password protecting the master
- One encrypted partition on the SSD:
  * root-fs: will be mounted at /
- Several encrypted partitions (meaning several LVM partition all sharing
the same encryption):
  * swap-fs
  * var-fs
  * home-fs
  * ...

--- (B) Ensure that both password and keyfile are required ---

(1) The original idea was to encrypt key-fs with the password, hence making
sure that both the password and the USB key are needed to decrypt the other
disks. But I want to be able to easily back up the keyfile (where backing
up means writing it on a paper without the use of a printer). And
encrypting key-fs would mean adding a lot of "useless" bytes around the

(2) Hence the second idea: Since I'll have to play with initrd anyway
(because by default, it doesn't like mounting a system that isn't the new
root first), I could write a script that would prompt me for the password,
concatenate it with the content of the keyfile and use that as key. I
wanted to know whether this looks to you like a terrible idea or not.

(3) I am of course open to a third option but I couldn't find any.

--- (C) Encryption of the actual data ---

(1) About the encryption of the actual data, I have 3 options:
- (a) Use dm-crypt directly and assume the concatenation of a user-typed
password and a keyfile of random bits something can (safely) be used as a
master password (is this true?).
- (b) Use LUKS (which I would prefer to avoid, if it doesn't comprimise the
security, because it adds a weak spot against disk failure: the header)

(2) Then, since I have several partitions, I have to decide between:
- (a) Using decrypt_derived (that would be simpler but the FAQ says that's
not what it's intended for)
- (b) Starting by decrypting a partition containing one keyfile per
remaining encrypted volume (or just one for all of them?). And I again have
the choice of LUKS vs dm-crypt but here, since the keyfile is random, there
must be little difference between the two so I'd go with dm-crypt.


Thank you in advance for you answers,

Xavier Montillet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140414/5accc4bf/attachment.html>

More information about the dm-crypt mailing list