gnupg smartcard on boot for LUKS on sid debian howto ?

[tux.tsndcb at free.fr]

Hello Peter,

Actually, I'm on a fresh sid Debian installed, I've use during install crypted LVM volume for all my partitions excepted for /boot.

So now I've two files like these :

/etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> 				<mount point>   <type>  <options>       	<dump>  <pass>
/dev/mapper/sda5_crypt 				/               btrfs   ssd,discard,noatime     0       1
# /boot was on 	/dev/sda1 during installation
UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 	        /boot           btrfs   ssd,discard,noatime     0       2
/dev/mapper/sda7_crypt 				/data           btrfs   ssd,discard,noatime     0       2
...

and

/etc/cryptab :
sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy none luks,discard
sda7_crypt UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx none luks,discard
....

In a first time, I want to add a key.gpg file solution, so in the firt time I want it ask to me the pincode for the key.gpg file, and if it's wrong or broken ask me the usual passphrase.


So could you explain us step by step, how to add this key.gpg as passphrase on a existing lvm crypted partition and how to have gnupg smartcard activate on boot to decrypt the key.gpg file ?

Thanks in advanced for your return.

PS : my gnupg smartcard works actually fine on a terminal on xsession.

Best Regards