Date: Wed, 21 Apr 2010 10:34:17 +0200
From: Heinz Diehl
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] passfrase or dev_random for keyfile of a dmcrypt_swap
Message-ID: <20100421083417.GA6910@fancy-poultry.org>

On 20.04.2010, Si St wrote:

> To Heinz: Would not a pre-generated keyfile need to be opened by a passphrase?

No, the keyfile itself is the "passphrase". I'm not talking about the master
key here, what I mean is something like

    dd if=/dev/urandom of=keyfile bs=64 count=1
    cryptsetup luksFormat /dev/sdx /path/to/keyfile

You could now e.g. do something like

    swap /dev/sdx /path/to/keyfile swap

in your crypttab, save the keyfile somewhere on the encrypted root partition
and open the swapspace using a bootscript after your root partition has been
mapped.

You could then back up the keyfile in a safe place and use it to map the swap
partition manually if desired (in the scenario you described).
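
Because the keyfile stands in for the passphrase, any account that can read it can open the volume. The following is an added example, not part of the original mail: it creates the 64-byte keyfile with owner-only permissions and audits the keyfile column of a crypttab-style file. The function names `make_keyfile` and `audit_crypttab` are hypothetical, and the owner-only permission requirement is an assumption of this example rather than something stated in the mail.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not cryptsetup tooling.

# make_keyfile PATH
# Same dd invocation as in the mail, but run under umask 077 so the file is
# never group/other-readable, and chmod'ed in case PATH already existed.
make_keyfile() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null ) &&
        chmod 600 "$1"
}

# audit_crypttab FILE
# Reads "name device keyfile options" entries (the layout of the crypttab line
# in the mail) and reports keyfiles that are missing or that grant any
# permission to group or other. Returns 0 only when nothing is reported.
audit_crypttab() {
    bad=0
    while read -r name dev key opts || [ -n "$name" ]; do
        # Skip blank lines and comments.
        case "$name" in ''|\#*) continue ;; esac
        # Skip entries without an on-disk keyfile (prompted or device-backed).
        case "$key" in ''|none|-|/dev/*) continue ;; esac
        if [ ! -f "$key" ]; then
            echo "$name: keyfile $key is missing"
            bad=$((bad + 1))
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$name: keyfile $key is accessible to group/other ($perms)"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}
```

Run `audit_crypttab /etc/crypttab` as root so the keyfiles on the encrypted root partition can be inspected; a non-zero exit status means at least one entry was reported.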