Unlock Existing LUKS Encrypted Drives With A Keyfile

Discussion in 'HOWTO-Related Questions' started by Frankly3D, Feb 9, 2012.

  1. Frankly3D

    Frankly3D New Member

    Am looking at this for Fedora 15.
    Three existing encrypted partitions, all on /dev/vda.
    /dev/vda2 (/vda3, vda4) all on an LVM.
    /dev/vda1 = /boot, not LUKS.

    This is a KVM guest with a 31 GB raw storage format,
    using KVM Virt-manager to connect if DE is required.

    Using serial console, I'm finding it a pain to keep entering LUKS p\w.
    Can your article be used with an existing /dev/mapper device(s)?

    I'm guessing I would put the keyfile on /boot,
    as any hacker would still need to unlock the "host box".
  2. sjau

    sjau Local Meanie Moderator

    /boot is not encrypted. You need to put it somewhere else.

    What I did is put it in /root, because I don't mount /root on a separate partition, so it gets unlocked with "/" during the boot-up process.

    But once that is unlocked, you can set it to auto-unlock everything else.
  3. Frankly3D

    Frankly3D New Member

    /dev/mapper/luks-f9034624-98d6-4987-a2bc-b9614f0304a4 / ext4 defaults 1 1

    Here's an existing /etc/fstab entry.
    Where on the entry would I place "/root/key-file"?
  4. sjau

    sjau Local Meanie Moderator

    (1) the method on how a drive gets unlocked belongs to crypttab and not fstab
    (2) as said, "/" can't be auto-unlocked.... that would kinda defeat the whole purpose
  5. Frankly3D

    Frankly3D New Member

    Apologies, you are correct:
    sudo nano /etc/crypttab

    I was using / as an example from /etc/fstab.
    So do I just copy the other LUKS /etc/fstab entries to
    and they are in a similar /dev/mapper/some_alphanumeric_string.
  6. sjau

    sjau Local Meanie Moderator

  7. Frankly3D

    Frankly3D New Member

    But I have problems with logic at times, possibly due to dyslexia.
    I am starting at Step 5, trying to work back to Step 4.
    Steps 1-3 are done.
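
The two points sjau makes above (the key file is named in /etc/crypttab, and it must not sit on the unencrypted /boot) can be checked mechanically. The following is an added example, not part of the thread or the HOWTO: `audit_crypttab`, the verdict strings, the ROOT prefix argument and the sample crypttab with placeholder UUIDs are all constructed for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# audit_crypttab CRYPTTAB [ROOT]
# Prints "<name> <verdict>" for each crypttab entry. ROOT is a hypothetical
# prefix so the check can run against a test tree instead of the live system.
audit_crypttab() {
    tab=$1; root=${2:-}
    # crypttab fields: name  device  keyfile  options
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac        # blank line or comment
        case "$key" in
            ''|none|-) echo "$name PASSPHRASE"; continue ;;   # prompts at boot
            /boot/*)   echo "$name KEY_ON_UNENCRYPTED_BOOT"; continue ;;
            /dev/*)    echo "$name DEVICE_KEY"; continue ;;   # e.g. /dev/urandom
        esac
        if [ ! -f "$root$key" ]; then
            echo "$name KEY_MISSING"; continue
        fi
        mode=$(stat -c '%a' "$root$key")                 # octal mode, e.g. 400
        case "$mode" in
            0|*00) echo "$name OK" ;;                    # no group/other bits
            *)     echo "$name KEY_READABLE_BY_OTHERS" ;;
        esac
    done < "$tab"
}

# Constructed sample: a throwaway tree standing in for the guest's filesystem.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root"
    : > "$d/root/key-file";  chmod 400 "$d/root/key-file"
    : > "$d/root/loose-key"; chmod 644 "$d/root/loose-key"
    cat > "$d/crypttab" <<'EOF'
# name     device            keyfile          options
luks-root  UUID=<root-uuid>  none             luks
luks-home  UUID=<home-uuid>  /root/key-file   luks
luks-data  UUID=<data-uuid>  /boot/key-file   luks
luks-swap  UUID=<swap-uuid>  /root/loose-key  luks
EOF
    audit_crypttab "$d/crypttab" "$d"
    rm -rf "$d"
}
demo
```

On a real system the call would be `audit_crypttab /etc/crypttab`, run as root so the key files can be inspected.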
