Create Keyfile for USB stick via GUI

    • Create Keyfile for USB stick via GUI

      Is it possible to create a keyfile via GUI. And store it on a USB Stick. To unlock my luks HDD ?
      I Want to put my USB-Stick in and the HDD should automatically encrypt. If I remove it should lock again.
      I have read this LUKS + KeyFile + AutoMount? [SOLVED] thread, but i have problems with post 35.

      Is there an easy way with the OMV GUI over Storage-Encyption-Keys-Add ?
      [IMG:https://i.imgur.com/M9rSDYu.png]


      If it is not possible to create it via GUI
      Questions:

      godfuture wrote:

      One thing about the usb stick...many people mount the stick to get the keyfile. but there are better ways...you could place /dev/random infront of the first partition. This way no mount is needed anymore. But check the start of your usb part:

      Source Code

      1. Device Boot Start End Sectors Size Id Type
      2. /dev/sdx1 2048 15633407 15631360 7,5G 83 Linux
      I have
      sda - USB stick / sdb - HDD (mounted both over GUI)
      But not sure what i should do with the start and end sector

      Brainfuck Source Code

      1. root@raspberrypiomv:~# lsblk
      2. NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
      3. sda 8:0 1 1.9G 0 disk
      4. └─sda1 8:1 1 1.9G 0 part /srv/dev-disk-by-label-USB
      5. sdb 8:16 0 465.7G 0 disk
      6. └─sdb-crypt 253:0 0 465.7G 0 crypt /srv/dev-disk-by-label-ENC
      7. mmcblk0 179:0 0 14.9G 0 disk
      8. ├─mmcblk0p1 179:1 0 63M 0 part /boot
      9. ├─mmcblk0p2 179:2 0 7.3G 0 part /
      10. └─mmcblk0p3 179:3 0 7.4G 0 part
      11. zram0 254:0 0 122.1M 0 disk [SWAP]
      12. zram1 254:1 0 122.1M 0 disk [SWAP]
      13. zram2 254:2 0 122.1M 0 disk [SWAP]
      14. zram3 254:3 0 122.1M 0 disk [SWAP]
      15. root@raspberrypiomv:~# blkid -o list
      16. device fs_type label mount point UUID
      17. --------------------------------------------------------------------------------------------------------------------------------
      18. /dev/mmcblk0p1 vfat boot /boot CE83-8CE1
      19. /dev/mmcblk0p2 ext4 / 2666ed46-1bb6-4ad7-ab5d-2ccde455c5e5
      20. /dev/zram0 swap [SWAP] 881f41bd-9972-4f9c-94cb-e44260725c54
      21. /dev/sdb crypto_LUKS (in use) d1bea340-6a8b-45c8-9687-a0c7cc496d1b
      22. /dev/zram1 swap [SWAP] a01b6755-a676-468c-9467-dead5885967a
      23. /dev/zram2 swap [SWAP] b562e03d-9125-4af9-8c24-073d860fc6f4
      24. /dev/zram3 swap [SWAP] b965ee6c-2a29-4fd5-8470-05097b8332cc
      25. /dev/mapper/sdb-crypt ext4 ENC /srv/dev-disk-by-label-ENC ce17d56c-aa25-41cf-9187-4c5356bf57b0
      26. /dev/sda1 ext4 USB /srv/dev-disk-by-label-USB e0186987-e1bf-490f-872c-1f2fbec4d677
      27. /dev/mmcblk0 (in use)
      28. /dev/mmcblk0p3 (not mounted)
      Display All
      now i think i copy from an "random file" the key to my usb stick

      godfuture wrote:

      Source Code

      1. dd if=/dev/random of=/dev/sdx bs=512 seek=1 count=204
      my try:

      Source Code

      1. root@raspberrypiomv:/etc# dd if=/dev/random of=/dev/sda bs=512 seek=1 count=2046
      2. dd: warning: partial read (115 bytes); suggest iflag=fullblock
      3. 0+2046 records in
      4. 0+2046 records out
      5. 161489 bytes (161 kB, 158 KiB) copied, 0.222977 s, 724 kB/s
      What happens here ? Overwrite the same file with a skip or copy it with a skip ?

      godfuture wrote:

      Source Code

      1. dd if=/dev/sdx bs=512 skip=1 count=8 > tempKeyFile.bin
      Last questions

      godfuture wrote:

      Add this keyfile to your luks header!

      Add this option to crypttab entries: "x x x luks,keyfile-size=4096,keyfile-offset=512"
      How can i add it in my header (i have done the luks encryption in the OMV GUI)
      which entries the fstab ?


      Thanks for Help
    • New

      protter wrote:

      Is it possible to create a keyfile via GUI. And store it on a USB Stick. To unlock my luks HDD ?
      I don't think so. As I see it OMV lets you only uploading the file.

      protter wrote:

      Is there an easy way with the OMV GUI over Storage-Encyption-Keys-Add ?
      I don't think so. As I see it OMV lets you only add a keyfile to the LUKS header.

      protter wrote:

      now i think i copy from an "random file" the key to my usb stick
      ...to be more precise, it is not a file, but a stream. I recommend you to read the man page before using dd. Without knowing what you do, you might end up with data loss.

      protter wrote:

      What happens here ? Overwrite the same file with a skip or copy it with a skip ?
      512 * 8 bytes of random data from USB stick is exported to file.

      protter wrote:

      How can i add it in my header (i have done the luks encryption in the OMV GUI)
      which entries the fstab ?
      Via the GUI or commandline (cryptsetup luksAddKey). The screenshot you have posted shows how it works to add a keyfile or password.

      I have written this in the thread few posts before (LUKS + KeyFile + AutoMount? [SOLVED]). Also about the crypttab entry. Good luck!
      Intel Pentium G3460T @ 3GHz
      Debian GNU/Linux 9.2 (stretch)
      Release: 4.0.10-1 Arrakis

      The post was edited 2 times, last by godfuture ().

    • Users Online 1

      1 Guest