Re: passphrase or dev_random for keyfile of a dmcrypt_swap


 



On 21/04/2010 Heinz Diehl wrote:
> On 20.04.2010, Si St wrote: 
> 
> > To Heinz: Would not a pre-generated keyfile need to be opened by a passphrase?
> 
> No, the keyfile itself is the "passphrase". I'm not talking about the
> master key here, what I mean is something like
> 
>  dd if=/dev/urandom of=keyfile bs=64 count=1
>  cryptsetup luksFormat /dev/sdx /path/to/keyfile
>  
> You could now e.g. do something like
> 
>  swap /dev/sdx /path/to/keyfile swap
>  
> in your crypttab, save the keyfile somewhere on the encrypted root
> partition and open the swapspace using a bootscript after your root partition 
> has been mapped. You could then backup the keyfile in a safe place and use
> it to map the swap partition manually if desired (in the scenario you
> described).

It should be noted that this setup is unsafe without an encrypted root
partition.

greetings,
 jonas


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
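
The caveat in the reply above (a stored keyfile is only as safe as the filesystem holding it) can be checked mechanically. The following script is an added example, not part of the original thread: it reads a crypttab and reports, for each entry with a stored keyfile, whether the file is accessible beyond its owner and whether its filesystem sits on a dm-crypt mapping. It assumes util-linux `findmnt` and `lsblk` and GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit keyfiles named in a crypttab.
# crypttab fields: <target> <source device> <key file> [options]

# "crypt" if the file's filesystem sits on a dm-crypt mapping, "plain" if it
# sits on another block device, "unknown" if that cannot be determined.
backing_type() {
    src=$(findmnt -n -o SOURCE -T "$1" 2>/dev/null) || { echo unknown; return 0; }
    types=$(lsblk -s -l -n -o TYPE "$src" 2>/dev/null) || { echo unknown; return 0; }
    if printf '%s\n' "$types" | grep -qx crypt; then echo crypt; else echo plain; fi
}

# Print one line per keyfile entry; return 1 if any entry needs attention.
audit_crypttab() {
    rc=0
    while read -r target dev key opts || [ -n "$target" ]; do
        case $target in ''|'#'*) continue ;; esac
        # "none"/"-" prompt for a passphrase; /dev/* (e.g. /dev/urandom)
        # is a per-boot random key, so nothing is stored on disk.
        case $key in ''|none|-|/dev/*) continue ;; esac
        if [ ! -f "$key" ]; then
            echo "$target $key missing"; rc=1; continue
        fi
        mode=$(stat -c %a "$key")
        # Any group/other permission bit set means the key is too exposed.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then perms=loose; else perms=ok; fi
        fs=$(backing_type "$key")
        echo "$target $key perms=$perms fs=$fs"
        if [ "$perms" != ok ] || [ "$fs" != crypt ]; then rc=1; fi
    done < "$1"
    return "$rc"
}

# Usage: sh audit-crypttab.sh /etc/crypttab
if [ "$#" -gt 0 ]; then
    audit_crypttab "$1" || echo "review the entries flagged above" >&2
fi
```

An entry is reported clean only when it shows `perms=ok fs=crypt`; `fs=unknown` means the backing device could not be resolved and should be checked by hand.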
