gnupg smartcard on boot for LUKS on sid debian howto ?

tux.tsndcb at free.fr tux.tsndcb at free.fr
Sun Apr 20 09:05:48 CEST 2014


Hello Peter,

I've read the README.gnupg file in cryptsetup, and it indicates 3 steps to do:

1) First, you'll have to create the encrypted keyfile by:

# dd if=/dev/random bs=1 count=256 | gpg --no-options --no-random-seed-file \
	--no-default-keyring --keyring /dev/null --secret-keyring /dev/null \
	--trustdb-name /dev/null --symmetric --output /etc/keys/cryptkey.gpg

2) Format the partition with this cryptkey.gpg key file:

# /lib/cryptsetup/scripts/decrypt_gnupg /etc/keys/cryptkey.gpg | \
	cryptsetup --key-file=- luksFormat /dev/<luks_device>

3) Modify the /etc/crypttab file:

cdev1	/dev/<luks_device>	/etc/keys/cryptkey.gpg	luks,keyscript=decrypt_gnupg



But in fact I have a problem in step 1, because if I use the command line:

# dd if=/dev/random bs=1 count=256 | gpg --no-options --no-random-seed-file \
	--no-default-keyring --keyring /dev/null --secret-keyring /dev/null \
	--trustdb-name /dev/null --symmetric --output /etc/keys/cryptkey.gpg

It is not my gnupg key that is used to encrypt this cryptkey.gpg file, so it will not be my gnupg key on my smartcard that is used to decrypt it.

How can I modify this command line to use my gnupg key to generate this cryptkey.gpg?

Thanks in advance for your reply.

Best Regards.
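
Added example (not part of the original message or of cryptsetup): a small Python check that reads the OpenPGP packet headers of a keyfile such as cryptkey.gpg and reports whether its session key is protected by a passphrase (as produced by --symmetric) or encrypted to a public key, which is the distinction raised above. The function names and sample bytes are assumptions constructed for illustration.

```python
# Added example: classify how an OpenPGP file's session key is protected.
# Packet framing follows RFC 4880 section 4.2; names here are hypothetical.
PKESK, SKESK = 1, 3  # packet tags: public-key / symmetric-key encrypted session key
# Constructed samples (not real keyfiles): one key packet followed by a data packet.
SYM_SAMPLE = bytes.fromhex("8c0d04090302" + "1122334455667788" + "60" + "d20301aabb")
PK_SAMPLE = bytes.fromhex("840d03" + "0123456789abcdef" + "01" + "0008ff" + "d20301aabb")


def read_packets(data):
    """Yield (tag, body) per packet; stop at partial/indeterminate lengths."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data (ASCII-armored?)")
        i += 1
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:  # partial body length, only used by data packets
                yield tag, b""
                return
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:  # indeterminate length: data runs to end of file
                yield tag, b""
                return
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length


def keyfile_protection(data):
    """Return ('public-key', [key IDs]), ('passphrase', []) or ('unknown', [])."""
    key_ids, symmetric = [], False
    for tag, body in read_packets(data):
        if tag == PKESK and body[:1] == b"\x03":
            key_ids.append(body[1:9].hex().upper())  # 8-byte recipient key ID
        elif tag == SKESK:
            symmetric = True
    if key_ids:
        return "public-key", key_ids
    return ("passphrase", []) if symmetric else ("unknown", [])
```

To check a real file, pass its bytes, for example `keyfile_protection(open(path, "rb").read())`; the reported key IDs are the recipient (sub)key IDs recorded in the file.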


