Unlock Existing LUKS Encrypted Drives With A Keyfile

[Frankly3D]

Am looking at this for Fedora 15
Three existing encrypted partitions. all on /dev/vda
/dev/vda2 (/vda3,vda4) all on an lvm
/dev/vda1 = /boot not luks.


This is a KVM guest. with a 31gb raw storage format,
using KVM Virt-manager to connect if DE is required.

Using seriel console, I'm finding it a pain to keep entering luks p\w.
Can your article be used with an existing /dev/mapper device(s)

I'm guessing I would put the keyfile on /boot.
As any hacker would still need to unlock the "host box"

[sjau]

/boot is not encrypted. You need to put it somewhere else.

What I did is put it in /root because I don't mount /root on a seperate partition so it gets unlocked with "/" during boot up process

But once that is unlocked, you can set it to auto-unlock everything else.

[Frankly3D]

/dev/mapper/luks-f9034624-98d6-4987-a2bc-b9614f0304a4 / ext4 defaults 1 1

Here's an existing /etc/fstab entry.
Where on the entry would I place "/root/key-file

[sjau]

(1) the method on how a drive gets unlocked belongs to crypttab and not fstab
(2) as said, "/" can't be auto-unlocked.... that would kinda defeat the whole purpose

[Frankly3D]

Apoligies you are correct:
sudo nano /etc/crypttab

I was using / as an an example from /etc/fstab
So do I just copy the other luks /etc/fstab entries to
/etc/crypttab
an they are in a similar /dev/mapper/some_alphanumbric_string.

[sjau]

did you actually have a look here? http://www.howtoforge.com/automatica...with-a-keyfile

[Frankly3D]

Yes:
But I have problems with logic at times, possible dues to dyselxia
I am starting at Step 5, trying to work back to Step 4,
Steps 1-3 are done.