Encrypting root partition with decryption key on USB thumb drive

From froelix.com - Wiki
Revision as of 18:26, 10 March 2013 by Froelix (Talk | contribs)


Problem:

  • The root partition of your Debian Linux system is encrypted with DM-Crypt + LUKS.
  • On every boot you have to enter the password to decrypt the root partition.
  • This description explains how to automatically decrypt the root partition using a decryption key stored on a USB thumb drive.

Solution:

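  • Create a shell script (e.g. /root/getkey.sh) which mounts the USB thumb drive and reads the key:
#!/bin/sh
# Everything except the key itself is redirected to stderr,
# so stdout carries only the key.
modprobe usb-storage 1>&2
modprobe ehci-hcd 1>&2
# Give the kernel a moment to detect the USB device.
sleep 1
# -p: do not fail if the mount point already exists.
mkdir -p /usb 1>&2
# Mount the key partition read-only.
mount /dev/disk/by-label/mypartitionlabel -t ext3 -o ro /usb 1>&2
cat /usb/.keys/my.key
umount /usb 1>&2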
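
A variant of the script above that replaces the fixed `sleep 1` with a bounded wait for the labelled partition and fails with an empty stdout when the key cannot be read; it is an added example, not part of the original wiki page. The function names, the 10-second timeout, the extra mount options and the name-based guard on the last lines are assumptions; the device label, mount point and key path are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original page): getkey.sh with a bounded
# device wait and explicit failure handling.
DEV=/dev/disk/by-label/mypartitionlabel   # label from the page's script
MNT=/usb
KEYFILE=.keys/my.key
TIMEOUT=10                                # assumption: seconds to wait

# wait_for_path PATH SECONDS: return 0 once PATH exists, 1 after SECONDS.
wait_for_path() {
    i=0
    while [ ! -e "$1" ]; do
        [ "$i" -ge "$2" ] && return 1
        sleep 1
        i=$((i + 1))
    done
    return 0
}

# emit_key FILE: write the key bytes, and nothing else, to stdout.
emit_key() {
    [ -r "$1" ] || { echo "getkey: $1 not readable" >&2; return 1; }
    cat "$1"
}

main() {
    modprobe usb-storage >&2 || true
    modprobe ehci-hcd >&2 || true
    if wait_for_path "$DEV" "$TIMEOUT"; then
        mkdir -p "$MNT" >&2
        # Read-only, and nothing on the stick is executed or trusted as a device.
        if mount -t ext3 -o ro,noexec,nodev,nosuid "$DEV" "$MNT" >&2; then
            emit_key "$MNT/$KEYFILE"; rc=$?
            umount "$MNT" >&2
            return "$rc"
        fi
    fi
    echo "getkey: USB key partition not available" >&2
    return 1
}

# Assumption: run main only when installed under the page's example name,
# so the functions above can be exercised without touching any device.
case "${0##*/}" in
    getkey.sh) main; exit $? ;;
esac
```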


Note: