gnupg smartcard on boot for LUKS on sid debian howto ?
Thomas Harning Jr.
harningt at gmail.com
Wed Apr 16 21:32:22 CEST 2014
I believe this blog article could be a useful reference:
https://blog.kumina.nl/2010/07/two-factor-luks-using-ubuntu/
This happens to work beautifully w/ the Yubikey NEO and the GPG Applet.
The article does omit any backup measures, so I added a separate long
passphrase to use in the backup case - but using it requires the initial
boot UI to fail and for me to manually unlock the volumes and resume boot w/o the
gnupg unlock.
On Wed, Apr 16, 2014 at 11:40 AM, <tux.tsndcb at free.fr> wrote:
> Hello Peter,
>
> Actually, I'm on a fresh Debian sid install; during the install I used an
> encrypted LVM volume for all my partitions except /boot.
>
> So now I have two files like these:
>
> /etc/fstab
> # /etc/fstab: static file system information.
> #
> # Use 'blkid' to print the universally unique identifier for a
> # device; this may be used with UUID= as a more robust way to name devices
> # that works even if disks are added and removed. See fstab(5).
> #
> # <file system> <mount point> <type> <options> <dump> <pass>
> /dev/mapper/sda5_crypt / btrfs ssd,discard,noatime 0 1
> # /boot was on /dev/sda1 during installation
> UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx /boot btrfs ssd,discard,noatime 0 2
> /dev/mapper/sda7_crypt /data btrfs ssd,discard,noatime 0 2
> ...
>
> and
>
> /etc/crypttab:
> sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy none luks,discard
> sda7_crypt UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx none luks,discard
> ....
>
> As a first step, I want to add a key.gpg file solution, so that it first
> asks me for the PIN code for the key.gpg file, and if it's
> wrong or broken, asks me for the usual passphrase.
>
>
> So could you explain to us, step by step, how to add this key.gpg as a
> passphrase on an existing encrypted LVM partition and how to have the gnupg
> smartcard activated on boot to decrypt the key.gpg file?
>
> Thanks in advance for your reply.
>
> PS: my gnupg smartcard actually works fine in a terminal in an X session.
>
> Best Regards
--
Thomas Harning Jr. (http://about.me/harningt)
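
The behaviour asked for in the quoted message (try key.gpg with the card first, then fall back to the usual passphrase), written as a crypttab keyscript. This is an added example, not part of either e-mail or of the linked article; the install path, the key file path and the GPG, ASKPASS and GPG_TRIES variables are assumptions.

```shell
#!/bin/sh
# Added example keyscript for /etc/crypttab (hypothetical paths):
#   sda5_crypt UUID=<uuid> /etc/keys/key.gpg luks,discard,keyscript=/usr/local/sbin/luks-gpg-key
# Assumptions: key.gpg decrypts to one line of text (e.g. base64) that was
# added to a LUKS key slot without a trailing newline; the backup passphrase
# sits in another key slot; gpg and its card support are in the initramfs.

GPG=${GPG:-gpg}                              # overridable for testing
ASKPASS=${ASKPASS:-/lib/cryptsetup/askpass}  # Debian's passphrase prompt helper
GPG_TRIES=${GPG_TRIES:-2}                    # card attempts before falling back

# Print the key material on stdout; all diagnostics go to stderr.
emit_key() {
    keyfile=$1
    name=${CRYPTTAB_NAME:-volume}
    n=0
    if [ -r "$keyfile" ]; then
        while [ "$n" -lt "$GPG_TRIES" ]; do
            n=$((n + 1))
            # Buffer the output so a failed decrypt never leaves partial
            # bytes in front of the fallback passphrase on stdout.
            if key=$("$GPG" --quiet --decrypt "$keyfile") && [ -n "$key" ]; then
                printf '%s' "$key"
                return 0
            fi
            echo "gpg unlock of $name failed (attempt $n/$GPG_TRIES)" >&2
        done
    else
        echo "key file $keyfile not readable, skipping card unlock" >&2
    fi
    # Fallback: the long backup passphrase stored in a separate key slot.
    "$ASKPASS" "Backup passphrase for $name: "
}

# The cryptsetup boot scripts export CRYPTTAB_NAME when running a keyscript;
# only act as one in that case, so the file can also be sourced.
if [ -n "${CRYPTTAB_NAME:-}" ]; then
    emit_key "$1"
fi
```
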