* [dm-crypt] Newbie questions: how to configure and mount an encrypted partition on bootup?
From: David Li @ 2012-03-19 3:33 UTC
To: dm-crypt
Hi,
I am totally new to dm-crypt. My OS is RHEL5/6.
Here is what I want to do:
I have a system that is pxebooted and the root fs is nfs mounted from
another server. But I have a local disk that can be used as encrypted
storage, perhaps for user data. In the beginning it's blank with no
partitions.
So the first time I would let the user decide how to partition and
set up LUKS. From that point on each subsequent boot would automatically
mount the encrypted partitions as configured.
I am looking for a general programmable way to achieve this. Maybe
someone has done the exact thing before.
Specifically,
1. On first boot, how should I modify the initramfs to prompt the
user to set up LUKS? Or if initramfs is not the way, what else?
2. On each subsequent boot, how would I let dm-crypt
automatically retrieve the passphrase once the user logs in to the system?
Assume that the passphrase has been stored on the same server that stores the
root fs. I don't want to force him to type in the LUKS passphrase again to
unlock the partitions.
Thanks.
David
* Re: [dm-crypt] Newbie questions: how to configure and mount an encrypted partition on bootup?
From: Arno Wagner @ 2012-03-19 7:02 UTC
To: dm-crypt
I suggest you read up on encryption in general. If the passphrase
is stored on the system, the encryption becomes totally worthless.
Arno
On Sun, Mar 18, 2012 at 08:33:43PM -0700, David Li wrote:
> Hi,
> I am totally new to dm-crypt. My OS is RHEL5/6.
>
> Here is what I want to do:
> I have a system that is pxebooted and the root fs is nfs mounted from
> another server. But I have a local disk that can be used as encrypted
> storage, perhaps for user data. In the beginning it's blank with no
> partitions.
>
> So the first time I would let the user decide how to partition and
> set up LUKS. From that point on each subsequent boot would automatically
> mount the encrypted partitions as configured.
>
> I am looking for a general programmable way to achieve this. Maybe
> someone has done the exact thing before.
>
> Specifically,
> 1. On first boot, how should I modify the initramfs to prompt the
> user to set up LUKS? Or if initramfs is not the way, what else?
>
> 2. On each subsequent boot, how would I let dm-crypt
> automatically retrieve the passphrase once the user logs in to the system?
> Assume that the passphrase has been stored on the same server that stores the
> root fs. I don't want to force him to type in the LUKS passphrase again to
> unlock the partitions.
> Thanks.
> David
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
* Re: [dm-crypt] Newbie questions: how to configure and mount an encrypted partition on bootup?
From: Philipp Wendler @ 2012-03-19 7:27 UTC
To: dm-crypt
Hi,
On 19.03.2012 04:33, David Li wrote:
> 2. On each subsequent boot, how would I let dm-crypt
> automatically retrieve the passphrase once the user logs in to the system?
> Assume that the passphrase has been stored on the same server that stores the
> root fs. I don't want to force him to type in the LUKS passphrase again to
> unlock the partitions.
As Arno said, this is not secure at all.
However, one can use the login password of the user (which is typed in
anyway), either directly or indirectly. For example the gnome-keyring
can securely store passwords and is decrypted automatically on login
without an additional password.
It might be easier for you to use ecryptfs, though. This does what you
want by default (per-user encryption with no additional password to
enter), you just need to set up an encrypted directory once for each
user (could probably be automated).
Of course, this is only secure if the login password is strong and the
system and its administrator can be trusted.
Greetings, Philipp
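An added illustration of the "indirectly" option from the reply above (not code from the thread or from any project named in it): a random volume key is wrapped under a key stretched from the login password, so the blob kept on the server is useless without that password. The blob layout, function names, iteration count and the XOR-pad wrap (a stand-in for an AES-based key wrap) are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor; tune for real hardware


def _derive(password, salt):
    """Stretch the login password into a 32-byte pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap_volume_key(login_password, volume_key):
    """Build the blob that may be stored on the server next to the root fs."""
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh per wrap, so a pad is never reused
    pad, mac_key = _derive(login_password, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_volume_key(login_password, blob):
    """Return the volume key, or None if the password or blob is wrong."""
    pad, mac_key = _derive(login_password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # wrong password or tampered blob: never hand out a key
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))


if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    volume_key = secrets.token_bytes(32)  # would be enrolled as the LUKS key
    blob = wrap_volume_key("user-login-password", volume_key)
    assert unwrap_volume_key("user-login-password", blob) == volume_key
    assert unwrap_volume_key("guess", blob) is None
    # Anyone holding the blob can still guess passwords offline, so the
    # scheme is only as strong as the login password.
    print("stored blob fields:", sorted(blob))
```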