Hi Just discovered LUKS in CentOS and it looks like an ideal way to encrypt a partition with my MySQL data files on. I have a HP Proliant server with removable drives and thought that the ideal situation would be to require 2 keys to unlock the partition. The first would be either a passphrase or a keyfile on an external removable USB key and the second would be a key file in flash memory that is mounted securly internally in the machine. I know that LUKS supports multiple key slots but is there a way to require 2 to be used ? The thinking being that should someone steal the whole system they would need the passphrase or external keyfile to access the drive but if they remove a drive and manage to get hold of the passphrase or pick up a USB key disk there would be no way of them using it as they would also need the key that is safely secured inside the server. Essentially they would need both an access key and the actual machine that the drive was installed in. Thanks Darren ADSL Nation Ltd. +44 (0) 1865 761114 Registered in England & Wales, company number: 04457730. Registered address: 29 Glebelands, Headington, Oxford, OX3 7EN. |
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt