Is it possible to create a keyfile via GUI. And store it on a USB Stick. To unlock my luks HDD ?
I Want to put my USB-Stick in and the HDD should automatically encrypt. If I remove it should lock again.
I have read this LUKS + KeyFile + AutoMount? [SOLVED] thread, but i have problems with post 35.
Is there an easy way with the OMV GUI over Storage-Encyption-Keys-Add ?
If it is not possible to create it via GUI
Questions:
One thing about the usb stick...many people mount the stick to get the keyfile. but there are better ways...you could place /dev/random infront of the first partition. This way no mount is needed anymore. But check the start of your usb part:
I have
sda - USB stick / sdb - HDD (mounted both over GUI)
But not sure what i should do with the start and end sector
root@raspberrypiomv:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 1 1.9G 0 disk
└─sda1 8:1 1 1.9G 0 part /srv/dev-disk-by-label-USB
sdb 8:16 0 465.7G 0 disk
└─sdb-crypt 253:0 0 465.7G 0 crypt /srv/dev-disk-by-label-ENC
mmcblk0 179:0 0 14.9G 0 disk
├─mmcblk0p1 179:1 0 63M 0 part /boot
├─mmcblk0p2 179:2 0 7.3G 0 part /
└─mmcblk0p3 179:3 0 7.4G 0 part
zram0 254:0 0 122.1M 0 disk [SWAP]
zram1 254:1 0 122.1M 0 disk [SWAP]
zram2 254:2 0 122.1M 0 disk [SWAP]
zram3 254:3 0 122.1M 0 disk [SWAP]
root@raspberrypiomv:~# blkid -o list
device fs_type label mount point UUID
--------------------------------------------------------------------------------------------------------------------------------
/dev/mmcblk0p1 vfat boot /boot CE83-8CE1
/dev/mmcblk0p2 ext4 / 2666ed46-1bb6-4ad7-ab5d-2ccde455c5e5
/dev/zram0 swap [SWAP] 881f41bd-9972-4f9c-94cb-e44260725c54
/dev/sdb crypto_LUKS (in use) d1bea340-6a8b-45c8-9687-a0c7cc496d1b
/dev/zram1 swap [SWAP] a01b6755-a676-468c-9467-dead5885967a
/dev/zram2 swap [SWAP] b562e03d-9125-4af9-8c24-073d860fc6f4
/dev/zram3 swap [SWAP] b965ee6c-2a29-4fd5-8470-05097b8332cc
/dev/mapper/sdb-crypt ext4 ENC /srv/dev-disk-by-label-ENC ce17d56c-aa25-41cf-9187-4c5356bf57b0
/dev/sda1 ext4 USB /srv/dev-disk-by-label-USB e0186987-e1bf-490f-872c-1f2fbec4d677
/dev/mmcblk0 (in use)
/dev/mmcblk0p3 (not mounted)
Alles anzeigen
now i think i copy from an "random file" the key to my usb stick
my try:
root@raspberrypiomv:/etc# dd if=/dev/random of=/dev/sda bs=512 seek=1 count=2046
dd: warning: partial read (115 bytes); suggest iflag=fullblock
0+2046 records in
0+2046 records out
161489 bytes (161 kB, 158 KiB) copied, 0.222977 s, 724 kB/s
What happens here ? Overwrite the same file with a skip or copy it with a skip ?
Last questions
Add this keyfile to your luks header!
Add this option to crypttab entries: "x x x luks,keyfile-size=4096,keyfile-offset=512"
How can i add it in my header (i have done the luks encryption in the OMV GUI)
which entries the fstab ?
Thanks for Help