I believe this blog article could be a useful reference: https://blog.kumina.nl/2010/07/two-factor-luks-using-ubuntu/
This happens to work beautifully w/ the Yubikey NEO and the GPG Applet The article does omit any backup measures, so I added a separate long passphrase to use in the backup case - but to use it requires the initial boot UI to fail and I manually unlock the volumes and resume boot w/o the gnupg unlock. On Wed, Apr 16, 2014 at 11:40 AM, <tux.tsn...@free.fr> wrote: > Hello Peter, > > Actually, I'm on a fresh sid Debian installed, I've use during install > crypted LVM volume for all my partitions excepted for /boot. > > So now I've two files like these : > > /etc/fstab > # /etc/fstab: static file system information. > # > # Use 'blkid' to print the universally unique identifier for a > # device; this may be used with UUID= as a more robust way to name devices > # that works even if disks are added and removed. See fstab(5). > # > # <file system> <mount point> <type> > <options> <dump> <pass> > /dev/mapper/sda5_crypt / btrfs > ssd,discard,noatime 0 1 > # /boot was on /dev/sda1 during installation > UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx /boot btrfs > ssd,discard,noatime 0 2 > /dev/mapper/sda7_crypt /data btrfs > ssd,discard,noatime 0 2 > ... > > and > > /etc/cryptab : > sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy none luks,discard > sda7_crypt UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx none luks,discard > .... > > In a first time, I want to add a key.gpg file solution, so in the firt > time I want it ask to me the pincode for the key.gpg file, and if it's > wrong or broken ask me the usual passphrase. > > > So could you explain us step by step, how to add this key.gpg as > passphrase on a existing lvm crypted partition and how to have gnupg > smartcard activate on boot to decrypt the key.gpg file ? > > Thanks in advanced for your return. > > PS : my gnupg smartcard works actually fine on a terminal on xsession. > > Best Regards > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Thomas Harning Jr. (http://about.me/harningt)
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
