Comments on Passwordless encryption of the Linux root partition on Debian 8 with an USB key
In this article, an encrypted partition is opened using a secret key that is kept on a USB memory device. An automatic shell script provides the secret key for the encrypted volume at boot time.
9 Comment(s)
Comments
A suggestion:
For the SWAP use "Random Key" instead of "Passphrase". Then it will automagically be used as swap and you don't need to type in a key for it.
Thanks for the suggestion.
Good article. I wonder: if I set up such a system and give it to my customer for demo purposes, would my customer be able to decrypt and see all the HDD content? The customer doesn't have the root password but does have the USB key.
Using a USB stick as the key is just a hardware replacement for the password. So the person that has access to this USB stick has full access to the server.
The secret key of 8192 random bytes is extracted from the USB stick using the dd command.
dd if=/dev/sdb of=/root/secret.key bs=512 skip=4 count=16
And on a new USB this data is random? How about having 2 USB keys?
My hat off to you. Outstanding tutorial.
Thanks for the well written and clear instructions. Instead of using a USB key containing random data (remember to write random data to it first, otherwise the data won't be so random), one could also or additionally use a YubiKey: https://github.com/tfheen/ykfde
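A sanity check for the point raised in the two comments above (is the key region on a new stick actually random?), as an added example that is not part of the original comments or the tutorial. It reads the same 8192-byte region as the quoted dd command and flags a region that is blank or clearly not random. The function name key_region_check and the threshold of 200 distinct byte values are assumptions of this example, and passing the check does not prove the data is random.

```shell
#!/bin/sh
# Added example (not from the tutorial): coarse sanity check of the key region
# read by "dd bs=512 skip=4 count=16", i.e. 8192 bytes at byte offset 2048.
# key_region_check and the threshold of 200 are assumptions of this example.

# Usage: key_region_check DEVICE_OR_IMAGE
# Returns 0 if the region looks random, 1 on a short read, 2 if it is blank
# or otherwise clearly not random, 3 if no temporary file could be created.
key_region_check() {
    src=$1
    tmp=$(mktemp) || return 3
    # Same geometry as the tutorial's command; a failed read leaves the
    # temporary file short and is reported as a short read below.
    dd if="$src" of="$tmp" bs=512 skip=4 count=16 2>/dev/null || :
    size=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$size" -ne 8192 ]; then
        rm -f "$tmp"
        echo "short read: got $size of 8192 bytes"
        return 1
    fi
    # 8192 random bytes contain practically all 256 byte values; a zero-filled
    # or 0xFF-filled factory stick contains exactly one.
    distinct=$(od -An -v -tu1 "$tmp" | tr -s ' ' '\n' | grep -v '^$' \
        | sort -un | wc -l | tr -d ' ')
    rm -f "$tmp"
    if [ "$distinct" -lt 200 ]; then
        echo "not random: only $distinct distinct byte values in key region"
        return 2
    fi
    echo "ok: $distinct distinct byte values in key region"
    return 0
}

# Demo on constructed image files, so no real device is touched.
demo=$(mktemp -d)
dd if=/dev/zero of="$demo/blank.img" bs=512 count=32 2>/dev/null
dd if=/dev/urandom of="$demo/random.img" bs=512 count=32 2>/dev/null
key_region_check "$demo/blank.img" || true
key_region_check "$demo/random.img" || true
rm -rf "$demo"
```

On a real stick, pass the device node instead of an image file (the quoted command uses /dev/sdb) and run it as root.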
I want to do full disk encryption for Ubuntu and automatically boot up without typing the passphrase. How can I do that? Can you send me a link to an article, please?
Thanks for this awesome tutorial. I followed all the steps and the key for sda3_crypt loaded well, but the computer asked me to enter the key for sda2. How can I make it load automatically?