On 2017-08-23 10:32, Marco Cavallini wrote:
> 2017-08-22 17:09 GMT+02:00 Carlos E. R. <robin.listas@xxxxxxxxxxxxxx>:
>
>>
>> I'm not a guru, but I do that easily.
>>
>> /etc/crypttab:
>>
>> cr_home /dev/disk/by-id/something-part5 none none
>> cr_two /dev/disk/by-uuid/someuuid /home/cer/Keys/the_two_keyfile auto
>>
>> /etc/fstab:
>>
>> /dev/mapper/cr_home /home xfs lazytime,,nofail 0 2
>> /dev/mapper/cr_two /data/two xfs user,lazytime,exec,nofail 1 3
>>
>> "/data/two" is mounted automatically without asking for the passphrase, after home is mounted.
>> You should not have the key file available on a non-encrypted mount, of course. Or not one that is always available on the computer, or the thieves will open your files.
>>
>
>
> Hi Carlos,
> thank you for answering.
> With your procedure "/data/two" is mounted automatically because the
> passphrase is in /home but is expected to enter a passphrase to
> decrypt /home ?

Of course.

As I said, if the passfile is stored in the computer, it has to be protected by another password, i.e., encrypted.

If the passfile is in the clear, it cannot be stored in the computer. It should be a removable device that is never kept with the computer. Like a key you keep on a necklace.

You could keep the passfile encrypted with GPG, and during boot somehow generate another file in the clear that you store on a ramdisk, used to decrypt the disk. You have to enter the GPG decryption key during boot somehow.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
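
The rule discussed in this thread (a key file must itself sit on an encrypted volume, or off the machine) can be checked mechanically. The following is an added example, not code from either poster: it reads crypttab and fstab text and reports where each key file lives. It assumes decrypted volumes appear in fstab as /dev/mapper/<crypttab name>; the function names and the counter-example entries are constructed for illustration.

```python
# Added example: audit where crypttab key files are stored (not code from the thread).
CRYPTTAB = """\
cr_home /dev/disk/by-id/something-part5 none none
cr_two /dev/disk/by-uuid/someuuid /home/cer/Keys/the_two_keyfile auto
"""  # entries as posted in the thread
FSTAB = """\
/dev/mapper/cr_home /home xfs lazytime,,nofail 0 2
/dev/mapper/cr_two /data/two xfs user,lazytime,exec,nofail 1 3
"""  # entries as posted in the thread
# Constructed counter-example: key file kept on a plain root filesystem.
EXPOSED_CRYPTTAB = "cr_two /dev/disk/by-uuid/someuuid /etc/keys/the_two_keyfile auto\n"
FSTAB_WITH_ROOT = "/dev/sda2 / ext4 defaults 0 1\n" + FSTAB

def parse_table(text):
    """Split a crypttab/fstab style file into field lists, skipping blanks and comments."""
    return [ln.split() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def audit_keyfiles(crypttab, fstab):
    """Return (volume, keyfile, verdict) for each crypttab entry that uses a key file."""
    entries = parse_table(crypttab)
    names = {e[0] for e in entries}
    mounts = {f[1]: f[0] for f in parse_table(fstab) if len(f) >= 2}  # mount point -> device
    findings = []
    for e in entries:
        name, key = e[0], (e[2] if len(e) > 2 else "none")
        if key in ("none", "-") or key.startswith("/dev/"):
            continue  # passphrase prompt or device node, not a file on a mounted filesystem
        # Longest mount point containing the key path decides which device holds the file.
        mp = max((m for m in mounts
                  if m == "/" or key == m or key.startswith(m.rstrip("/") + "/")),
                 key=len, default=None)
        dev = mounts.get(mp, "")
        backing = dev[len("/dev/mapper/"):] if dev.startswith("/dev/mapper/") else None
        if backing == name:
            verdict = "circular: key file is stored on the volume it unlocks"
        elif backing in names:
            verdict = f"ok: protected by encrypted volume {backing}"
        else:
            verdict = f"exposed: stored on unencrypted filesystem {mp or '(not in fstab)'}"
        findings.append((name, key, verdict))
    return findings

if __name__ == "__main__":
    for row in audit_keyfiles(CRYPTTAB, FSTAB) + audit_keyfiles(EXPOSED_CRYPTTAB, FSTAB_WITH_ROOT):
        print("%-8s %-34s %s" % row)
```

An "ok" verdict only means the key file is unreadable while the machine is powered off or the protecting volume is locked; a file system referenced by UUID or label in fstab is reported as exposed because the script cannot tie it to a crypttab entry.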