On Wed, Aug 20, 2014 at 18:11, Julien Meister wrote:
> Hello everybody,
>
> I'm from FreeBSD and I wanted to give OpenBSD a (new) try.
>
> I would like to have a full disk encryption (as I've seen it's possible now
> with OpenBSD 5.5) and use a smart card to decrypt the volumes at
> boot, instead of having to type a password, which seems "less secure".
>
> I read a lot of articles to see how it works using bioctl but none are
> talking about using a smart card as a keydisk, only USB drive.
>
> If I understood correctly, when using "bioctl -k /path/of/RAID/keydisk",
> the key is created automatically and the encrypted RAID volume is
> associated to that "USB RAID partition keydisk". So the system can now
> boot only if the BIOS/UEFI finds that particular USB RAID partition.
>
> My questions are:
>
> 1) How to do the same thing using a Smart Card instead of a USB drive?
>
> 2) Is it possible to "copy" the image of the USB key disk to a Smart Card
> (or inversely) to be able to boot using either the USB or the Smart Card?
>
> 3) If the Smart card is used as a key disk to boot the system, is it
> possible to configure that same smart card to access my home computer
> using SSH? (As if it was ONLY possible to SSH to my computer using that
> smartcard).

This would depend a lot on your smart card. Does it show up as a disk, like sd1 or sd2, like USB drives do? If so, then you do exactly what you'd do with a USB drive. If not, then it's not supported.