Hi, On Sun, Sep 26, 2010 at 01:00:46AM +0200, Michael Tautschnig wrote: > Indeed, it was easy :-) - as of 4.0~beta2+experimental17 you should be able to > use > > luks:"Your passphrase" / ... > > instead of just "luks" to get a device encrypted with the passphrase of your > choice. The crypttab then has "none" for the keyfile name, which should make > it > ask you for a passphrase at bootup. Big fat WARNING: this is untested, but > testing would be much appreciated :-)
it seems that the implementation is wrong. I can see from the log that it uses the passphrase to generate a key file. That is not right. Unfortunately I see the dillemma. You either have to specify a keyfile to luksFormat or enter the passphrase on generation, which will not work without using expect or something. My suggestion: - Use the keyfile to init the device - After that: Add the passphrase via cryptsetup luksAddKey - Remove the slot with the keyfile from luks - Generate the crypttab in the way you've described I know its kind of ugly but probably the only way to go without expect'ing the input of luksFormat. Regards, Patrick
