Full disc encryption - use keyfile on usb thumbdrive
As Ubuntu now offers full disc encryption upon installation there's just one thing that still eludes me and which I have not yet a accomplished.
Assume you want to remotely reboot your FDEed computer. Upon reboot you'll have to enter your password... problem is, you're not at your machine...
So, with luks you can also setup keys for unlocking devices. I have all my harddisks fully encrypted and except for the root drive "/" I did assign also a keyfile for the others (up to 10 passwords/keys per device I think).
So I changed /etc/crypttab to authenticate the other drives with the keyfile. Upon reboot I have to enter only the password for the root partition and the rest gets unlocked automatically as I have the keyfiles on the root partition.
so I wonder would it be possible to also put a keyfile onto a usb thumbdrive and use it to authenticate the root partition?
I've been thinking abuot this solution when you want to reboot from a remote location:
(1) copy the keyfile onto the usb pendrive that's attached to the computer
(2) reboot the computer
(3) it will unlock the root partition with the keyfile on the usb pendrive
(4) then add a little script that auto-deletes the keyfile on the usb pendrive (you don't want to have it permanently on there)
Would that be working? How could that be accomplished? Is that secure (or how to securely delete a file on a usb pendrive)?
What are other options to reboot a FDEed system from a remote location?