11-12-2009, 01:34 PM
Celejar

Encrypted SWAP with keyfile

On Wed, 02 Sep 2009 14:20:47 -0300
Ariel Laganá <it@ariellagana.com.ar> wrote:

> Hi everyone,
>
> I have lenny installed on a PC in which I'm trying to use an encrypted
> swap partition with LUKS, but I want to use a keyfile instead of a
> passphrase to unlock it.
>
> I've created a 256bits random key:
>
> dd if=/dev/urandom of=/root/swapcrypt bs=1 count=256
>
> But when I try to format the partition and set the default keyfile, the
> --key-file parameter is ignored and I'm asked for a passphrase. This is
> how I'm doing it (sda2 is my swap partition):
>
> cryptsetup luksFormat /dev/sda2 --key-file=/root/swapcrypt --key-slot=0
>
> Am I missing something or is there anything I'm doing wrong?

According to the manpage, you shouldn't need '--key-file=', but simply
'cryptsetup luksFormat /dev/sda2 /root/swapcrypt'. Moreover, the
manpage implies that the '--key-slot' option should be before the
'luksFormat' action, not after:


SYNOPSIS
cryptsetup <options> <action> <action args>


...

LUKS EXTENSION
LUKS, Linux Unified Key Setup, is a standard for hard disk
encryption. It standardizes a partition header, as well as the format
of the bulk data. LUKS can manage multiple passwords, that can be
revoked effectively and that are protected against dictionary attacks
with PBKDF2.

These are valid LUKS actions:

luksFormat <device> [<key file>]

initializes a LUKS partition and sets the initial key,
either via prompting or via <key file>. <options> can be [--cipher,
--verify-passphrase, --key-size, --key-slot].

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
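
Added example, not part of the original thread or of cryptsetup itself: a POSIX shell version of the keyfile workflow discussed above, using the manpage's `<options> <action> <action args>` order with the key file as a positional argument to luksFormat. `CRYPTSETUP` is a hypothetical override variable, the mapping name `swapcrypt` is an assumed example, and 32 bytes is used because that is 256 bits.

```shell
#!/bin/sh
# Added example (not from the thread). CRYPTSETUP is a hypothetical override:
# CRYPTSETUP=echo prints the command line instead of touching a disk.
CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"

# make_keyfile PATH NBYTES: write NBYTES random bytes to PATH, mode 0600.
make_keyfile() {
    kf_path=$1
    kf_bytes=$2
    # Never overwrite: replacing a keyfile locks out volumes formatted with it.
    if [ -e "$kf_path" ]; then
        echo "refusing to overwrite $kf_path" >&2
        return 1
    fi
    (
        umask 077   # created owner-only, never briefly world-readable
        dd if=/dev/urandom of="$kf_path" bs=1 count="$kf_bytes" 2>/dev/null
    ) || return 1
    # dd counts bytes, not bits: confirm the file holds exactly NBYTES.
    kf_size=$(wc -c < "$kf_path" | tr -d ' ')
    if [ "$kf_size" -ne "$kf_bytes" ]; then
        rm -f "$kf_path"
        return 1
    fi
}

# format_with_keyfile DEVICE KEYFILE SLOT: destroys existing data on DEVICE.
format_with_keyfile() {
    [ -r "$2" ] || { echo "keyfile $2 not readable" >&2; return 1; }
    # Manpage order: <options> <action> <action args>; key file is positional.
    "$CRYPTSETUP" --key-slot="$3" luksFormat "$1" "$2"
}

# open_with_keyfile DEVICE KEYFILE NAME: maps DEVICE to /dev/mapper/NAME.
open_with_keyfile() {
    [ -r "$2" ] || { echo "keyfile $2 not readable" >&2; return 1; }
    "$CRYPTSETUP" --key-file="$2" luksOpen "$1" "$3"
}

# Usage with the thread's device and keyfile names (run as root):
#   make_keyfile /root/swapcrypt 32        # 32 bytes = 256 bits
#   format_with_keyfile /dev/sda2 /root/swapcrypt 0
#   open_with_keyfile /dev/sda2 /root/swapcrypt swapcrypt
#   mkswap /dev/mapper/swapcrypt
```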
 
11-12-2009, 06:06 PM
Celejar

Encrypted SWAP with keyfile

[Putting this back on list.]

On Thu, 12 Nov 2009 16:32:54 +0100
Kamil Kułaga <teodozjan@gmail.com> wrote:

> Try this. It is for encrypted file but should work similar on partition.
> http://feraga.com/library/howto_use_cryptsetup_with_luks_support_0
>
> Generating key is not needed. Getting data from dev urandom is made to
> obfuscate encrypted partition (empty space can provide clues for
> breaking cipher).

I am not the OP - I have encrypted volumes working fine, on both the
primary HDD of my machine, as well as an external USB HDD.

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
