steve landiss

Reputation: 1913

How do I make cryptsetup automatically use a key file during mount time?

I am programmatically invoking cryptsetup and would like to pass in a key file on demand at the command line (not interactively).

How can I use cryptsetup with LUKS to take in a key file at the command line?

Upvotes: 3

Views: 1290

Answers (1)

Taleeb

Reputation: 135

You need to create a keyfile:

dd if=/dev/random bs=32 count=1 of=/root/random_data_keyfile1
printf '%s' "YOUR PASSPHRASE" >/root/plaintext_passphrase_keyfile2

Make the file read-only to root:

sudo chmod 0400 /root/random_data_keyfile1

Add the key to LUKS:

cryptsetup luksAddKey /dev/sdX /root/random_data_keyfile1

You must add an entry to "/etc/crypttab":

echo "luks-$(cryptsetup luksUUID /dev/sdX) UUID=$(cryptsetup luksUUID /dev/sdX) /root/random_data_keyfile1" >>/etc/crypttab

Reboot to make sure the device is auto-unlocked. Make sure you have the right device ID.

Reference: https://access.redhat.com/solutions/1121163

Upvotes: 3
