On Wed, 02 Sep 2009 14:20:47 -0300
Ariel Laganá <i...@ariellagana.com.ar> wrote:
> Hi everyone,
>
> I have lenny installed on a PC in which I'm trying to use an encrypted
> swap partition with LUKS, but I want to use a keyfile instead of a
> passphrase to unlock it.
>
> I've created a 256bits random key:
>
> dd if=/dev/urandom of=/root/swapcrypt bs=1 count=256
>
> But when I try to format the partition and set the default keyfile, the
> --key-file parameter is ignored and I'm asked for a passphrase. This is
> how I'm doing it (sda2 is my swap partition):
>
> cryptsetup luksFormat /dev/sda2 --key-file=/root/swapcrypt --key-slot=0
>
> Am I missing something or is there anything I'm doing wrong?
According the manpage, you shouldn't need '--key-file=', but simply
'cryptsetup luksFormat /dev/sda2 /root/swapcrypt'. Moreover, the
manpage implies that the '--key-slot' option should be before the
'luksFormat' action, not after:
SYNOPSIS
cryptsetup <options> <action> <action args>
...
LUKS EXTENSION
LUKS, Linux Unified Key Setup, is a standard for hard disk
encryption. It standardizes a partition header, as well as the format
of the bulk data. LUKS can manage multiple passwords, that can be
revoked effectively and that are protected against dictionary attacks
with PBKDF2.
These are valid LUKS actions:
luksFormat <device> [<key file>]
initializes a LUKS partition and sets the initial key,
either via prompting or via <key file>. <options> can be [--cipher,
--verify-passphrase, --key-size, --key-slot].
Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
