Re: Mounting encrypted volumes at boot time without typing a password

#1 (**permalink**) 02-22-2008, 12:47 PM

On Sun, Sep 11, 2005 at 09:50:35PM +0200, Alberto Garcia Hierro wrote:
> El Domingo, 11 de Septiembre de 2005 19:57, escribis:
> > On Sun, 11 Sep 2005, Alberto Garcia Hierro wrote:
> > > Hi,
> > > I'd like to be able to do what subject says. I know (or at least think)
> > > this is not possible at this time, so I'd like to add support for this to
> > > OpenBSD. My question is, could that be accepted into OpenBSD (if it's
> > > good enough) ? If yes I'll write a paper with the details on the
> > > implementation I've tought of and I'll discuss it on this list before
> > > doing any coding. If nobody will find it usefull and it won't be
> > > accepted, I prefer not bothering you with my stupid ideas

.
> >
> > Why would you want to mount w/o promtping for a password? This implies
> > that the password is kept on the disk in some readable location, defeating
> > the purpose of encryption.
> >
> > But if you were going to do that, try expect. Possibly you could have a
> > script look for a usb dongle and read the password off that, if it
> > is there, and provide the password to vnconfig via expect.
>
> That is exactly what I was thinking of, store the key on some removable
> device. Storing it in the disk itself would mean someone who stole the disk
> could decrypt it!. My idea is call vnconfig on boot, configuring the devices
> and reading the key from removable media. I now that it could be done from
> rc.local, but I'd like to do it on a more generic way.

You could use hotplugd(8) to detect when a specific USB key is
inserted and automatically call vnconfig (if the encrypted partition
were not already mounted).

-Ray-

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode