3

I am programmatically invoking cryptsetup and would like to pass in a key file on demand at the command line (not interactively).

How can I use cryptsetup with LUKS to take in a key file at the command line?

steve landiss

1 Answer

2

You need to create a keyfile:

dd if=/dev/random bs=32 count=1 of=/root/random_data_keyfile1
printf "YOUR PASSPHRASE" >/root/plaintext_passphrase_keyfile2

Make the file read-only to root:

sudo chmod 0400 /root/random_data_keyfile1

Add the key to LUKS:

cryptsetup luksAddKey /dev/sdX /root/random_data_keyfile1

You must add an entry to "/etc/crypttab":

echo "luks-$(cryptsetup luksUUID /dev/sdX) UUID=$(cryptsetup luksUUID /dev/sdX) /root/random_data_keyfile1" >>/etc/crypttab

Reboot to make sure the device auto-unlocks. Make sure you have the right device ID.

Reference: https://access.redhat.com/solutions/1121163

Taleeb