2017-03-26 19:53:30 +00:00

# Usbcrypt

Usbcrypt adds support for an encrypted system with a LUKS-encrypted keyfile on an external drive.

### Prerequisites

[mkinitcpio](https://wiki.archlinux.org/index.php/Mkinitcpio#Installation)
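### Installing

* On an existing encrypted boot setup, where:
    * `sdX0`: key partition
    * `sdY0`: LUKS drive

1. Create key on existing *small* partition
```shell
# Zero the key partition (dd ends with "No space left on device" once it is full)
dd if=/dev/zero of=/dev/sdX0
# Create a LUKS container on it; the passphrase chosen here protects the keyfile
cryptsetup luksFormat /dev/sdX0
# Open the container as /dev/mapper/key
cryptsetup open /dev/sdX0 key
# Fill the opened container with random data; this data is the key
dd if=/dev/random of=/dev/mapper/key
```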
2. Add the key to LUKS
```shell
# Asks for an existing passphrase of /dev/sdY0, then adds the contents of /dev/mapper/key as a new key
cryptsetup luksAddKey /dev/sdY0 /dev/mapper/key
```

3. Install Usbcrypt
```shell
git clone https://github.com/sheychen290/usbcrypt.git
cd usbcrypt
# Copy the build-time (install) hook and the runtime hook into mkinitcpio's directories
cp install-usbcrypt /usr/lib/initcpio/install/usbcrypt
cp hooks-usbcrypt /usr/lib/initcpio/hooks/usbcrypt
```
4. Set up Usbcrypt
    * In `/etc/mkinitcpio.conf`, change the `encrypt` hook to `usbcrypt`
    * Run `mkinitcpio -P`

5. Boot options
```shell
usbcryptdevice=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:key
```
6. Remove old passphrase
```shell
# Asks for the passphrase to remove from /dev/sdY0
cryptsetup luksRemoveKey /dev/sdY0
```
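
Before step 6 removes the old passphrase, it helps to confirm that steps 2, 4 and 5 took effect. The script below is an added example, not part of Usbcrypt: its function names are hypothetical, and it assumes `HOOKS` is defined on a single line and that the boot option has exactly the form shown in step 5.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before step 6. Function names are
# hypothetical. Assumes HOOKS sits on one line of mkinitcpio.conf and the boot
# option has exactly the form of step 5: usbcryptdevice=UUID=<uuid>:<name>.

# Print the last uncommented HOOKS definition as a space-separated list.
hooks_of() {
    sed -n 's/^[[:space:]]*HOOKS=[("]*\([^")]*\).*/\1/p' "$1" | tail -n 1 | tr '\t' ' '
}

# Step 4: "usbcrypt" must be listed and the "encrypt" hook it replaces gone.
check_hooks() {
    hooks=" $(hooks_of "$1") "
    case "$hooks" in *" usbcrypt "*) ;; *) return 1 ;; esac
    case "$hooks" in *" encrypt "*) return 1 ;; esac
    return 0
}

# Step 5: the kernel command line ($1) must carry a well-formed boot option.
check_cmdline() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -Eq \
        '^usbcryptdevice=UUID=[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}:[A-Za-z0-9_-]+$'
}

# Step 2: the keyfile ($2) must unlock the LUKS drive ($1). Needs root.
# --test-passphrase verifies the key without creating a mapping.
check_key() {
    cryptsetup open --test-passphrase --key-file "$2" "$1"
}

# Usage: preflight LUKS_DEVICE KEYFILE [CMDLINE]
# CMDLINE defaults to the running kernel's, so boot with the new option first.
preflight() {
    check_hooks /etc/mkinitcpio.conf ||
        { echo "HOOKS: usbcrypt missing or encrypt still present" >&2; return 1; }
    check_cmdline "${3:-$(cat /proc/cmdline)}" ||
        { echo "cmdline: usbcryptdevice= missing or malformed" >&2; return 1; }
    check_key "$1" "$2" ||
        { echo "keyfile $2 does not unlock $1" >&2; return 1; }
    echo "ok: keyfile boot path verified, old passphrase can be removed"
}

# Run the checks only when called with arguments, e.g.:
#   sh preflight.sh /dev/sdY0 /dev/mapper/key
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```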