Does crypttab/luks support reading the key from a USB drive?

Bruno Wolff III bruno at wolff.to
Mon Nov 22 21:57:09 UTC 2010


On Mon, Nov 22, 2010 at 13:10:28 -0800,
  "Joseph D. Wagner" <theman at josephdwagner.info> wrote:
> I'm rather new to this so please forgive me if this is documented somewhere.
> 
> I've been looking into using LUKS to encrypt my disk.  However, I don't
> want it to prompt me for a password.  Instead, I want it to read a key off
> of a removable USB stick.  Unfortunately, all the documentation I've found
> is based around entering a password.
> 
> Can crypttab/luks be configured to read the key off a removable USB stick
> instead of having a user-entered password?  If so, how would I setup such
> a configuration.

Yes it is possible to do this. A --key-file option can be provided when using
the luksOpen function of cryptsetup.

I don't know if this is easily integrated if you are doing an encrypted
install. So you might need to do some reading (dracut, cryptsetup and possibly
other stuff) if you need to set this up manually.


More information about the users mailing list