I've recently upgraded my backup machine from 11.4 to openSuSE 13.1 and I use an encrypted drive. In the past (prior to systemd) I could edit /lib/cryptsetup/boot.crypto.functions to look something like the following:
local cmd
# map the devices
if test -n "$luks" || cryptsetup isLuks "$device" &> /dev/null; then
luks='yes'
cmd=(luksOpen -d /path/to/my/key "$device" "$name")
else
However, doing this seems to no longer work as I get a prompt like:
Password entry required for 'Please enter passphrase for disk MYDISK (cr_mountpoint) on /mountpoint!' (PID ####).
Please enter password with the systemd-tty-ask-password-agent tool!
Does anyone know what file I might need to edit to fix this?
On 2013-12-16 21:56, nrickert wrote:
>
> sailorcire;2608919 Wrote:
>> Does anyone know what file I might need to edit to fix this?
>
> If the key is in a file that is available at the right time during boot,
> you can put the path in “/etc/crypttab”. Check the man page.
This interests me.
I read time ago that it was possible to keep a large key in a file
stored in external media (memory card, usb stick…), and be prompted
for a passphrase as well, before activating a encrypted partition.
Thus if the memory stick is stolen, it is not enough to read the data.
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
For those who are too lazy to read the manual (or in the event it changes in the future), the third parameter in /etc/crypttab can be a path to your key file.
On 2013-12-16 22:56, sailorcire wrote:
>
> nrickert;2608959 Wrote:
> For those who are too lazy to read the manual (or in the event it
> changes in the future), the third parameter in /etc/crypttab can be a
> path to your key file.
Yep, I know that
But it does not ask you for a passphrase in addition to the file. I’ve
never seen how to do that, only mentions that some people do it.
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
On 2013-12-16 23:06, sailorcire wrote:
>
> robin_listas;2608967 Wrote:
>
> This sounds interesting as well, it might be -very- useful for a laptop.
>
> If you come across an article then I’d be interested, if not then oh
> well.
Sure! But I have never seen it…
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)