On Sat, Feb 16, 2008 at 09:24:24PM +0100, Dan H. wrote:
> On Fri, Feb 15, 2008 at 10:42:26AM -0800, Andrew Sackville-West wrote:
>
> > I'm confused. Can you not just enter the passphrase for the encrypted
> > volume and unlock it? Or is there something I'm missing here that
> > likely applies to my own encrypted system...
> >
>
> I don't know about LUKS, but cryptmount (which I use) first
> autogenerates the key, encrypts it with your passphrase and stores the
> result under /etc/cryptmount.
>
> So to mount an encrypted drive, the key in /etc/cryptmount is decrypted
> with your passphrase and then used to decrypt the actual data on the
> partition. So, yes, if you hose the keys in /etc/cryptmount there's no
> way to get back at your data. Which means you must backup those keys.
>
> But like I said, LUKS may work differently.

Apparently LUKS stores keys in a header on the partition, so any LUKS-enabled app can unlock the partition with the right key.

A
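The header storage described in the reply above can be inspected directly. The following is an added example, not part of the original thread: a parser for the on-disk header that reports which key slots are enabled, which is the data lost if the start of the partition is overwritten. It assumes the LUKS1 format; the sample header and all of its field values are constructed for illustration.

```python
import struct

# LUKS1 on-disk header (big-endian): 208-byte fixed part plus 8 key slots of 48 bytes.
LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
NUM_SLOTS = 8

def cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(buf):
    """Return header fields and key slots; raise ValueError if not LUKS1."""
    if len(buf) < PHDR.size + NUM_SLOTS * SLOT.size:
        raise ValueError("buffer shorter than a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _mk_digest, _mk_salt, _mk_iter, uuid) = PHDR.unpack_from(buf, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("no LUKS magic: header missing or overwritten")
    if version != 1:
        raise ValueError("not a LUKS1 header (version %d)" % version)
    slots = []
    for i in range(NUM_SLOTS):
        state, iters, _salt, km_off, stripes = SLOT.unpack_from(
            buf, PHDR.size + i * SLOT.size)
        slots.append({"index": i, "enabled": state == SLOT_ENABLED,
                      "iterations": iters, "key_material_sector": km_off,
                      "stripes": stripes})
    return {"cipher": cstr(cipher), "mode": cstr(mode), "hash": cstr(hash_spec),
            "payload_sector": payload_off, "key_bytes": key_bytes,
            "uuid": cstr(uuid), "slots": slots}

def active_slots(buf):
    """Indexes of key slots that currently hold a wrapped copy of the master key."""
    return [s["index"] for s in parse_luks1_header(buf)["slots"] if s["enabled"]]

def build_sample_header():
    """Constructed sample: slot 0 enabled, all others disabled, dummy salts and digest."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 2056, 32,
                    bytes(20), bytes(32), 10, b"00000000-0000-0000-0000-000000000000")
    for i in range(NUM_SLOTS):
        state = SLOT_ENABLED if i == 0 else SLOT_DISABLED
        hdr += SLOT.pack(state, 1000 if i == 0 else 0, bytes(32), 8 + i * 256, 4000)
    return hdr

if __name__ == "__main__":
    sample = build_sample_header()
    info = parse_luks1_header(sample)
    print(info["cipher"], info["mode"], "active slots:", active_slots(sample))
```

To check a real volume, pass the first 592 bytes of the partition, or of a header backup file, to `parse_luks1_header`.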