[dm-crypt] Decrypt a volume without user intervention
Carlos E. R.
robin.listas at telefonica.net
Wed Aug 23 15:33:32 CEST 2017
On 2017-08-23 10:32, Marco Cavallini wrote:
> 2017-08-22 17:09 GMT+02:00 Carlos E. R. <robin.listas at telefonica.net>:
>> I'm not a guru, but I do that easily.
>> cr_home /dev/disk/by-id/something-part5 none none
>> cr_two /dev/disk/by-uuid/someuuid /home/cer/Keys/the_two_keyfile auto
>> /dev/mapper/cr_home /home xfs lazytime,,nofail 0 2
>> /dev/mapper/cr_two /data/two xfs user,lazytime,exec,nofail 1 3
>> "/data/two" is mounted automatically without asking for the passphrase, after home is mounted.
>> You should not have the key file available on a non-encrypted mount, of course. Or not one that is always available on the computer, or the thieves will open your files.
> Hi Carlos,
> thank you for answering.
> With your procedure "/data/two" is mounted automatically because the
> passphrase is in /home but is expected to enter a passphrase to
> decrypt /home ?
As I said, if the passfile is stored in the computer, it has to be
protected by another password, i.e., encrypted.
If the passfile is in the clear, it cannot be stored in the computer.
It should be a removable device that is never kept with the computer.
Like a key you keep on a necklace.
You could keep the passfile encrypted with GPG, and during boot somehow
generate another file in the clear that you store on a ramdisk, used to
decrypt the disk. You have to enter the GPG decryption key during boot.
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
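
The GPG-plus-ramdisk idea from the message above, as an added sketch that is not part of the original post. The key path, the ramdisk directory and the `RUN` dry-run switch are assumptions made for illustration; the device and mapping name reuse the placeholders from the quoted crypttab lines, and gpg is assumed to be able to prompt for its passphrase at that point in boot.

```shell
#!/bin/sh
# Added example, not the poster's script. All paths and names are placeholders.
KEY_GPG="${KEY_GPG:-/etc/keys/cr_two.key.gpg}"  # GPG-encrypted keyfile (hypothetical path)
DEVICE="${DEVICE:-/dev/disk/by-uuid/someuuid}"  # placeholder from the quoted crypttab
NAME="${NAME:-cr_two}"                          # mapping name from the quoted crypttab
RAMDIR="${RAMDIR:-/run/cr_keys}"                # ramdisk mount point (hypothetical)
RUN="${RUN:-}"                                  # set RUN=echo to print the plan only

unlock_with_gpg_key() {
    key="$RAMDIR/$NAME.key"
    # ramfs is RAM-only and is never written to swap, so the cleartext
    # key does not reach persistent storage.
    $RUN mkdir -p "$RAMDIR" &&
    $RUN mount -t ramfs -o mode=0700 ramfs "$RAMDIR" || return 1
    rc=0
    # gpg asks for the passphrase here: the one manual step at boot.
    $RUN gpg --quiet --decrypt --output "$key" "$KEY_GPG" &&
    $RUN cryptsetup open --key-file "$key" "$DEVICE" "$NAME" || rc=$?
    # The cleartext key is removed whether or not the unlock succeeded.
    $RUN rm -f "$key"
    $RUN umount "$RAMDIR"
    return "$rc"
}

# Run as root from an early boot script: sh this-script --unlock
if [ "${1:-}" = "--unlock" ]; then
    unlock_with_gpg_key
fi
```

The encrypted keyfile can stay on the unencrypted part of the system, because without the GPG passphrase it does not open the volume.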