Can luks in fedora 10 , encrypt using a combination of keys and passphrase

Bruno Wolff III bruno at wolff.to
Mon Dec 8 14:30:43 UTC 2008


On Mon, Dec 08, 2008 at 14:10:58 +0530,
  Huzaifa Sidhpurwala <huzaifas at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Yep,
> I am wondering if i can have one slot filled by a passphrase and the
> second one by a key, do you know if that is possible?

There is an encrypted copy of the disk key in each slot. The key for each
slot appears to be a string. It can be entered as a passphrass or a key
file. That much is clear from the cryptsetup documentation. You had
mentioned a public key system before, but I don't think that makes much
sense to use. The key file allows you to use keys with lots of entropy, but
the advantage to that is somewhat negated if the users will have passphrases
of their choosing that they use to get at the disks.




More information about the fedora-devel-list mailing list