Encrypted Partitions: cryptsetup

Discussion in 'Linux, BSD and Other OS's' started by Impotence, Jan 21, 2007.

  1. Impotence

    Hey all,

    I'm trying to create a completely encrypted setup (swap, home, / .... everything except /boot).

    I'm basing everything on these guides (under "Encrypted Filesystems") and the cryptsetup man page (man cryptsetup!)

    Has anyone here ever attempted anything similar? I'm bound to run into a few problems (which I will post up :p) but I was wondering if anyone has any pointers :)

    [OT]
    Encrypted swap is going to be fun :D as you don't need to be able to read the contents of swap every time you reboot, you can generate a new key to use every time (so when you reboot the old key is lost, and thus the contents of the swap partition as well!)

    One thought though: when you hibernate, where do the contents of RAM get saved? I would hope it's not your swap partition... as this would mean I'm going to have to change it! (the contents of my swap partition will be lost at shutdown)
    [/OT]
     
  2. Impotence

    Ok, first problem!

    I formatted the partition with the command
    Code:
    cryptsetup luksFormat -d /mnt/usbstick/keyfile1 -c aes-cbc-essiv:sha256 /dev/sda3
    
    Since I have used a keyfile, how do I make the entry in crypttab? I tried using
    Code:
    crypt-home    /dev/sda3             /mnt/usbstick/keyfile1    luks
    
    which returns the error: (it never asked me for a passphrase, but I did have to supply one to format the partition)
    Code:
     * Starting remaining crypto disks...                                           -e
     - INSECURE MODE FOR /mnt/usbstick/keyfile1
    Command failed: No key available with this passphrase.
    
    I also tried using: (I guess this tries to read the entire directory, not search through the keyfiles as I hoped :p)
    Code:
    crypt-home    /dev/sda3             /mnt/usbstick/    luks
    
    which returns the error
    Code:
     * Starting remaining crypto disks...                                           -e
     - INSECURE MODE FOR /mnt/usbstick/
    test: 44: root: unexpected operator
    Warning: exhausting read requested, but key file is not a regular file, function might never return.
    Command failed: No key available with this passphrase.
    
    What's going on here?
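
An added example, not part of the original posts: a small shell audit of the key-file column of crypttab entries, covering the two warnings in the output above and the random-key swap case from the first post. It assumes the "INSECURE MODE" line is a permissions check on the key file; the helper names, the temporary paths and `/dev/sda2` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the key-file field (3rd column) of crypttab entries.
# check_key_field, audit_crypttab and run_demo are hypothetical helper names.

# Print one finding for a key field; return 0 only if nothing needs attention.
check_key_field() {
    case $1 in
        none|'') echo "passphrase-prompt"; return 0 ;;
        /dev/urandom|/dev/random) echo "random-key"; return 0 ;;
    esac
    [ -e "$1" ] || { echo "missing"; return 1; }
    # A directory (or other non-regular file) is not a usable key file.
    [ -f "$1" ] || { echo "not-regular-file"; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "insecure-mode"; return 1; }
    echo "ok"
}

# Read a crypttab-style file; print "<name>: <finding>" per entry.
audit_crypttab() {
    rc=0
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        finding=$(check_key_field "$key") || rc=1
        echo "$name: $finding"
    done < "$1"
    return $rc
}

# Constructed sample: temp files stand in for the USB stick's key files.
run_demo() {
    d=$(mktemp -d)
    printf 'constructed-key' > "$d/keyfile1"; chmod 644 "$d/keyfile1"
    printf 'constructed-key' > "$d/keyfile2"; chmod 400 "$d/keyfile2"
    cat > "$d/crypttab" <<EOF
# constructed entries, modelled on the ones in the post
crypt-home /dev/sda3 $d/keyfile1 luks
crypt-dir  /dev/sda3 $d/ luks
crypt-ok   /dev/sda3 $d/keyfile2 luks
crypt-swap /dev/sda2 /dev/urandom swap
EOF
    audit_crypttab "$d/crypttab" && demo_rc=0 || demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}

run_demo || true
```

A clean result here only says the key file is a regular, owner-only file; whether its contents match a key slot on the LUKS header is a separate question that this check does not answer.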
     
