Re: Re: encrypted partition question

To: debian-user@lists.debian.org
Subject: Re: Re: encrypted partition question
From: DanMitton <DanMittonSr@gmail.com>
Date: Sat, 20 Sep 2008 21:32:09 -0700 (PDT)
Message-id: <[🔎] 19591597.post@talk.nabble.com>
In-reply-to: <[🔎] 27310d2c0809041348i20824ddt2f54f1b157525aad@mail.gmail.com>
References: <[🔎] 1220549112.2816.28.camel@discovery1> <[🔎] 48C01F60.4050601@mtouch.it> <[🔎] 27310d2c0809041126x5d7a11e5ib53776383db58c2b@mail.gmail.com> <[🔎] 1220559785.3133.20.camel@discovery1> <[🔎] 27310d2c0809041348i20824ddt2f54f1b157525aad@mail.gmail.com>



If I don't want to use "none" and be prompted for the passphrase, how can I
do it?  I have the passphrase on a USB thumb drive, but how do I specify the
key file name?  /dev/sdc1/somedirectory/somefile ??



Cassiano Bertol Leal wrote:
> 
> On Thu, Sep 4, 2008 at 5:23 PM, Alexander Golovin
> <alex.golovin@mail.ru>wrote:
> 
>>
>>  Hi Cassiano!
> 
> 
> Hi!
> 
> 
>> You've written:
>> "a far as I know the mapping should be recreated each time you reboot
>> using /sbin/cryptsetup. We are using luks extension and at each reboot
>> we need to issue cryptsetup luksOpen </dev/name> <mappername>.
>>
> 
> 
> The text above was actually from Andrea Bicciolo, to which I replied:
> 
> 
>> /etc/crypttab should make the use of this command unecessary. The
>> passphrase will then be asked at boot time."
>>
> 
>  Can you describe how to we need do that?
> 
> 
> To me it seems that what you've described in your first e-mail is pretty
> much ok.
> 
> The problem you're facing is that the encrypted volume is not being
> de-crypted and this is the reason why the device (the actual partition
> inside the encrypted vol) is not being mapped into /dev/mapper.
> 
> In step 3 (from your original e-mail) you are inserting only two fields
> into
> /etc/crypttab, but this file mandates four fields: target, source device,
> key file and options.
> 
> - Target is the device that will be created in /dev/mapper (in your
> example,
> "crypt" without the quotes);
> - Source device is the actual device or partition (/dev/hda6) that's
> encrypted
> - Key file is where the system will read the key to de-crypt the volume.
> If
> set to "none", you will be asked for a passphrase, which I assume is your
> case
> - Options can be many things. For LUKS, just put "luks". For more options,
> refer to "man /etc/crypttab"
> 
> My guess is that if you correct your step 3 to include all four fields in
> /etc/crypttab you will be automatically asked for the passphrase next time
> you boot the machine, so edit the file and substitute:
> 
> crypt /dev/hda6
> 
> for
> 
> crypt /dev/hda6 none luks
> 
> Save the file and reboot. If it does not work, post back your experience.
> 
> My experience with manually encrypted partitions is somewhat limited, but
> overall it should work as I described.
> 
> Cheers,
> Cassiano Leal
> 
> 

-- 
View this message in context: http://www.nabble.com/encrypted-partition-question-tp19316048p19591597.html
Sent from the Debian User mailing list archive at Nabble.com.

Reply to:

Follow-Ups:
- Re: encrypted partition question
  - From: Rick Thomas <rbthomas55@pobox.com>

References:
- encrypted partition question
  - From: Alexander Golovin <alex.golovin@mail.ru>
- Re: encrypted partition question
  - From: Andrea Bicciolo <a.bicciolo@mtouch.it>
- Re: encrypted partition question
  - From: "Cassiano Leal" <cassianoleal@gmail.com>
- Re: Re: encrypted partition question
  - From: Alexander Golovin <alex.golovin@mail.ru>
- Re: Re: encrypted partition question
  - From: "Cassiano Leal" <cassianoleal@gmail.com>

Prev by Date: Automação de Usinas de Alcool
Next by Date: Re: Shorewall Firewall with dynamic interfaces
Previous by thread: Re: encrypted partition question
Next by thread: Re: encrypted partition question
Index(es):
- Date
- Thread