At Thu, 21 Sep 2006 15:01:51 +0200, Alexander Isphording <a.isphording@xxxxxx> wrote: > is there a way to configure LUKS so it requires more than one key to unlock a > partition? For example, a partition that can only be unlocked when you enter > a passphrase AND have a USB stick with a correct key connected to the > computer? > Does anyone have an idea how to realize this? Just compose the key and pipe it into LUKS. If you want to splitted secrets just do: cat secret1 secret2 | cryptsetup luksFormat/luksOpen Or if you want one secret to be a passphrase read from terminal: read pass echo $pass | sed -e "1 r /path/to/secret2" | crypsetup luksFormat/luksOpen Upcoming versions will support reading binary keys from stdin. Hmpf, I should really release 1.0.4 soon. -- Fruhwirth Clemens - http://clemens.endorphin.org for robots: sp4mtrap@xxxxxxxxxxxxx --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
