Hi there, I am new to this list and obviously i have a problem... We are using debian gnu/linux in a corporate desktop setup. We are using cryptsetup_1-1.0.3-2bpo1_i386.deb from backport.org Our notebooks should have full harddisk encryption. The system setup is done via FAI, which i tweaked enough to setup encrypted partitions (if interested: you can use a custom partition hook on your hardware class that does the job. When you write the fstab, then fai will skip its partitioning). Now doing a FAI setup, we would like to have the encryption take place automatically with a throwaway key and at the very end, we would like to prompt the owner of the notebook to provide a password. This one would be added via luksAddKey. Then the throwaway key would be deleted. Is this concept possible with luks? If so, how? Optionally, we would like to add a CorporateMasterKey as well, but i am not yet sure wether this should be a keyfile, gpg, openssl or rather password based. TIA, Christian -- Christian Folini Informationstechnologie 222 Apache and Linux Desktop Engineering Tel. 0041 31 338 35 24 christian.folini.post.ch --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
