| 1 |
Okay, I have made a little progress. I have generated my private key using some random data + gpg: |
| 2 |
|
| 3 |
# head -c 3705 /dev/urandom | head -n 66 | tail -n 65 > key.out |
| 4 |
# gpg --symmetric -a --s2k-count 8388608 key.out |
| 5 |
<Enter your password twice> |
| 6 |
# mv key.out.asc key.gpg |
| 7 |
# rm -f key.out |
| 8 |
|
| 9 |
Now I have to copy that file on my stick and setup /etc/conf.d/dmcrypt: |
| 10 |
|
| 11 |
# whole root system encrypted with gpg key from removeable media |
| 12 |
target=crypt-root |
| 13 |
source='/dev/hdaX' |
| 14 |
key='/key:gpg' |
| 15 |
# This is your stick |
| 16 |
remdev='/dev/sda1' |
| 17 |
|
| 18 |
But what next? The example at [1] is based on key-only file (no passphrase). I know, later on /etc/conf.d/dmcrypt must be placed on the new root-fs but what now? I still have to setup it. cryptsetup doesn't do anything with gpg. So I have setup a pipeline? |
Archives