Hello all,

Does someone have an idea of how to do that, please?
All help is appreciated. Thanks in advance.

Best Regards.

----- Original message -----
From: "tux tsndcb" <tux.tsn...@free.fr>
To: "Thomas Harning Jr." <harni...@gmail.com>
Cc: gnupg-users@gnupg.org
Sent: Wednesday, 16 April 2014 22:19:28
Subject: Re: gnupg smartcard on boot for LUKS on sid debian howto ?

Hello,

Thanks for your answer. I've already seen your article and I asked myself many questions.

But in my case I've already encrypted the LVM partition with a passphrase, so can I only generate the key.txt file, encrypt it with my gnupg key, and add it to the crypttab file:

/etc/crypttab :

sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy /etc/gpg_luks/luks-key.txt none luks,keyscript=/usr/local/sbin/decrypt_luks.sh
sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy none luks,discard

<target name> <source device> <key file> <options>
crypto /dev/sda2 none luks,keyscript=/usr/local/sbin/decrypt_luks.sh
sda7_crypt UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx none luks,discard

But in the Debian case, it seems that I need to use /lib/cryptsetup/scripts/decrypt_gnupg, but I don't really have an example of that.

Best Regards

----- Original message -----
From: "Thomas Harning Jr." <harni...@gmail.com>
To: "tux tsndcb" <tux.tsn...@free.fr>
Cc: "Peter Lebbing" <pe...@digitalbrains.com>, gnupg-users@gnupg.org
Sent: Wednesday, 16 April 2014 21:32:22
Subject: Re: gnupg smartcard on boot for LUKS on sid debian howto ?

I believe this blog article could be a useful reference:
https://blog.kumina.nl/2010/07/two-factor-luks-using-ubuntu/

This happens to work beautifully w/ the Yubikey NEO and the GPG Applet.

The article does omit any backup measures, so I added a separate long passphrase to use in the backup case - but to use it requires the initial boot UI to fail and I manually unlock the volumes and resume boot w/o the gnupg unlock.

On Wed, Apr 16, 2014 at 11:40 AM, <tux.tsn...@free.fr> wrote:

Hello Peter,

Actually, I'm on a freshly installed Debian sid. During the install I used an encrypted LVM volume for all my partitions except for /boot.

So now I have two files like these:

/etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/sda5_crypt / btrfs ssd,discard,noatime 0 1
# /boot was on /dev/sda1 during installation
UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx /boot btrfs ssd,discard,noatime 0 2
/dev/mapper/sda7_crypt /data btrfs ssd,discard,noatime 0 2
...

and /etc/crypttab :

sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy none luks,discard
sda7_crypt UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx none luks,discard
....

At first, I want to add a key.gpg file solution, so at first I want it to ask me for the PIN code for the key.gpg file, and if it's wrong or broken, ask me for the usual passphrase.

So could you explain to us, step by step, how to add this key.gpg as a passphrase on an existing encrypted LVM partition and how to have the gnupg smartcard activated on boot to decrypt the key.gpg file?

Thanks in advance for your reply.

PS: my gnupg smartcard actually works fine in a terminal in an xsession.

Best Regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
Thomas Harning Jr. ( http://about.me/harningt )