Hi Jonas, Ah, I think I get it, I will make a keyfile with (dd if=/dev/random of=/tmp/keyfile bs=1M count=4) and then encrypt it http://ncrypt.sourceforge.net/ for instance? Then I decrypt the keyfile first using my passphrase and afterwards I will open the dm-crypt device with the decrypted key, right? ... I am using Ubuntu 8.04 so I guess I can use the wrapper for it? Thanks a lot for the help! Kind regards, Rense On Tue, Jul 8, 2008 at 1:28 PM, Jonas Meurer <jonas@xxxxxxxxxxxxxxx> wrote: > Hey Rense, > > On 08/07/2008 Rense Buijen wrote: > > I have encrypted my drive with dm-crypt and Luks. > > Now what I would like to have is that the volume can only be unlocked > with > > both a password AND a key. > > So far I have only been able to use a passphrase or just a key, I wonder > if > > it is possible to use both. > > The simple answer is: encrypt your key with some other encryption > software, like openssl or gnupg. > > cryptsetup has no built-in feature to combine password and keyfile. > You'll have to implement it on your own by using a keyfile for the LUKS > encryption, and encrypting that keyfile for additional security with > something else, for example openssl or gnupg. > > Which distribution do you use? In debian we do have a wrapper around > cryptsetup (cryptdisks) which supports keyscripts to be executed to > make the keyfile for your LUKS/dm-crypt device available. > > greetings, > jonas >
