Okay, I have made a little progress. I have generated my private key using some random data + gpg:

# head -c 3705 /dev/urandom | head -n 66 | tail -n 65 > key.out
# gpg --symmetric -a --s2k-count 8388608 key.out
<Enter your password twice>
# mv key.out.asc key.gpg
# rm -f key.out

Now I have to copy that file onto my stick and set up /etc/conf.d/dmcrypt:

# whole root system encrypted with gpg key from removable media
target=crypt-root
source='/dev/hdaX'
key='/key:gpg'
# This is your stick
remdev='/dev/sda1'

But what next? The example at [1] is based on a key-only file (no passphrase). I know that later on /etc/conf.d/dmcrypt must be placed on the new root-fs, but what now? I still have to set it up. cryptsetup doesn't do anything with gpg. So do I have to set up a pipeline?