Hi,
I have a laptop with a SSD (which will contain the root) and a HDD (which will contain space-consuming things such as /home) and I would like to encrypt everything it contains with a keyfile and a password. I also have a non-encrypted USB key that will contain /boot and the initrd. I also would like to be able to backup the keyfile easily without having to back up something actually bigger than the keyfile.
After reading the whole FAQ, what I've understood leads me to organize things as follow:
--- (A) Disk layout ---
- Two unencrypted partitions on the USB key:
* boot-fs: will be mounted as /boot and contains the initrd
* key-fs: will contain the keyfile (it is not on boot-fs because there is no point keeping it mounted after leaving the initrd, and I can always mount it manually if I need it to change the password protecting the master password)
- One encrypted partition on the SSD:
* root-fs: will be mounted at /
- Several encrypted partitions (meaning several LVM partition all sharing the same encryption):
* swap-fs
* var-fs
* home-fs
* ...
--- (B) Ensure that both password and keyfile are required ---
(1) The original idea was to encrypt key-fs with the password, hence making sure that both the password and the USB key are needed to decrypt the other disks. But I want to be able to easily back up the keyfile (where backing up means writing it on a paper without the use of a printer). And encrypting key-fs would mean adding a lot of "useless" bytes around the keyfile.
(2) Hence the second idea: Since I'll have to play with initrd anyway (because by default, it doesn't like mounting a system that isn't the new root first), I could write a script that would prompt me for the password, concatenate it with the content of the keyfile and use that as key. I wanted to know whether this looks to you like a terrible idea or not.
(3) I am of course open to a third option but I couldn't find any.
--- (C) Encryption of the actual data ---
(1) About the encryption of the actual data, I have 3 options:
- (a) Use dm-crypt directly and assume the concatenation of a user-typed password and a keyfile of random bits something can (safely) be used as a master password (is this true?).
- (b) Use LUKS (which I would prefer to avoid, if it doesn't comprimise the security, because it adds a weak spot against disk failure: the header)
(2) Then, since I have several partitions, I have to decide between:
- (a) Using decrypt_derived (that would be simpler but the FAQ says that's not what it's intended for)
- (b) Starting by decrypting a partition containing one keyfile per remaining encrypted volume (or just one for all of them?). And I again have the choice of LUKS vs dm-crypt but here, since the keyfile is random, there must be little difference between the two so I'd go with dm-crypt.
---
Thank you in advance for you answers,
Xavier Montillet
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
