[systemd-devel] Cache passphrase for cryptsetup?
Nikolaus Rath
Nikolaus at rath.org
Sun Apr 20 16:45:09 PDT 2014
Matthew Monaco <matt at monaco.cx> writes:
> On 04/19/2014 02:49 PM, Nikolaus Rath wrote:
>> I have several LUKS encrypted volumes that use the same
>> passphrase. Before switching to systemd, I have used the decrypt_keyctl
>> keyscript to cache the passphrase, so that I have to enter it only once.
>>
>> As far as I can tell, the systemd cryptsetup generator is ignoring the
>> keyscript option in /etc/crypttab when creating units.
>>
>> Is there another way to achieve passphrase caching with systemd?
>
> No, 'keyscript' is not (currently) supported. IMHO, you're not reducing your
> security any by e.g. unlocking /root and storing keys for the other volumes
> there.
Agreed, but it doesn't help much. You have to unlock swap first or it
will break hibernation, which means you still need to enter the password
at least twice.
> However, you could probably cook up some units that take your
> password, write it to /run and then point all of your volumes there.
Good idea (though it wouldn't be units but initramfs hooks), thanks!
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
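
The approach suggested in this thread (take the passphrase once, write it to /run, point every volume's crypttab entry at that file), sketched as an added example that is not code from the thread or from systemd. The key file name `luks.key`, the volume names and the device paths are hypothetical, and the demo uses a temporary directory in place of /run.

```shell
#!/bin/sh
# Added example. Key file name, volume names and devices are hypothetical.

# Read one passphrase line from stdin and store it as DIR/luks.key.
# Prints the key file path on success.
cache_passphrase() {
    dir=$1
    keyfile="$dir/luks.key"
    # Accept input with or without a final newline; reject empty input.
    IFS= read -r pass || :
    [ -n "$pass" ] || return 1
    rm -f -- "$keyfile"            # never reuse a file with looser permissions
    (
        umask 077                  # new file is created with mode 0600
        # No trailing newline: cryptsetup uses the whole key file as the
        # key, so a stray "\n" would not match the typed passphrase.
        printf '%s' "$pass" > "$keyfile"
    ) || return 1
    unset pass
    printf '%s\n' "$keyfile"
}

# Emit one /etc/crypttab entry: name, device, key file, options.
crypttab_line() {
    printf '%s %s %s luks\n' "$1" "$2" "$3"
}

# Remove the cached passphrase once every volume is open.
drop_passphrase() {
    rm -f -- "$1"
}

# Demo with a constructed passphrase; a temp dir stands in for /run.
demo() {
    run_dir=$(mktemp -d) || return 1
    kf=$(printf 'constructed passphrase\n' | cache_passphrase "$run_dir") || return 1
    crypttab_line swap /dev/example-swap "$kf"
    crypttab_line home /dev/example-home "$kf"
    drop_passphrase "$kf"
    rmdir "$run_dir"
}
demo
```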