gnupg smartcard on boot for LUKS on sid debian howto ?
tux.tsndcb at free.fr
tux.tsndcb at free.fr
Sun Apr 20 09:05:48 CEST 2014
Hello Peter,
I've read the README.gnupg file in cryptsetup, and it is indicate 3 steps to do :
1) First, you'll have to create the encrypted keyfile by:
# dd if=/dev/random bs=1 count=256 | gpg --no-options --no-random-seed-file \
--no-default-keyring --keyring /dev/null --secret-keyring /dev/null \
--trustdb-name /dev/null --symmetric --output /etc/keys/cryptkey.gpg
2) Formate the partition with this cryptkey.gpg key file
# /lib/cryptsetup/scripts/decrypt_gnupg /etc/keys/crytpkey.gpg | \
cryptsetup --key-file=- luksFormat /dev/<luks_device>
3) Modifie the /etc/crypttab file :
cdev1 /dev/<luks_device> /etc/keys/cryptkey.gpg luks,keyscript=decrypt_gnupg
But in fact I've a problem in the step 1, because if I use the command line :
# dd if=/dev/random bs=1 count=256 | gpg --no-options --no-random-seed-file \
--no-default-keyring --keyring /dev/null --secret-keyring /dev/null \
--trustdb-name /dev/null --symmetric --output /etc/keys/cryptkey.gpg
It is not my gnupg key use to encrypt this cryptkey.gpg file, so it will be not my gnupg key on my smartcard use to decrypt it.
How can I modify in this command line to use my gnupg key to generate this cryptkey.gpg ?
Thanks in advanced for your return.
Best Regards.
More information about the Gnupg-users
mailing list