2016-12-04 - multi-disk encryption

some time ago i had an issue – i started to use (RAIDed) SSD disks for the main system and (also RAIDed) HDD disks for storing larger pieces of data. of course both are encrypted. and that's the tricky part – entering a password for both disks at boot time!

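if i already have the main disk encrypted, can't i just read the password off it, to automatically decrypt the second one? it turns out you can. :) first generate a random key file, stored on the encrypted main disk, and format the second disk with it (note that luksFormat overwrites what is on the disk, so do this on a new or empty one):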

dd if=/dev/random of=/path/to/key.bin bs=4096 count=1
cryptsetup luksFormat /dev/my-disk /path/to/key.bin

now the last part is to add a proper entry to crypttab, so that the disk automatically gets decrypted during boot (shortly after “/” gets decrypted). add an entry like this to the /etc/crypttab file:

my_crypt_dev_2 UUID=xxx-xxx-xxx-xxxx /path/to/key.bin luks

you can check the UUIDs of your disks by looking at the links created by udev:

ls -l /dev/disk/by-uuid/

note that even though you can now automatically decrypt the 2nd disk with the password file kept on the main disk, it's still a good idea to assign a password to it (eg. in case you lose access to the password-file). fortunately LUKS offers multiple passwords out of the box, so this is not a problem. :) the command below unlocks the disk with the key file and then asks for the new password:

cryptsetup luksAddKey --key-file /path/to/key.bin /dev/my-disk
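
an added example, not part of the original post: anyone who can read the key file can unlock the second disk, so it is worth checking that every key file referenced from crypttab exists and is readable only by its owner. the function name `audit_crypttab`, its arguments and the choice of accepted modes are assumptions made for this sketch; it relies on `stat -c` (GNU coreutils or busybox).

```sh
#!/bin/sh
# Added example (not from the original post): audit the key files that a
# crypttab-format file points at. Prints one line per problem and returns 1
# if any were found. Second argument is the expected owner uid (default 0).
audit_crypttab() {
    tab="${1:-/etc/crypttab}"
    owner_uid="${2:-0}"
    bad=0
    # fields: <name> <device> <key file> <options>
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac   # blank line or comment
        case "$key" in
            ''|none|-) continue ;;   # password typed at boot, no file to check
            /dev/*)    continue ;;   # e.g. /dev/urandom for throw-away swap
        esac
        if [ ! -f "$key" ]; then
            echo "$name: key file $key is missing"
            bad=1
            continue
        fi
        mode=$(stat -c '%a' "$key")
        uid=$(stat -c '%u' "$key")
        # any group/other permission bit lets other users get at the key
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$name: $key has mode $mode, expected 400 or 600"
            bad=1
        fi
        if [ "$uid" != "$owner_uid" ]; then
            echo "$name: $key is owned by uid $uid, expected $owner_uid"
            bad=1
        fi
    done < "$tab"
    return "$bad"
}
# usage (as root): audit_crypttab /etc/crypttab
```
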

happy encrypting! :)

blog/2016/12/04/2016-12-04_-_multi-disk_encryption.txt · Last modified: 2021/06/15 20:09 by