-1

I have an encrypted partition on my Ubuntu system (encrypted with cryptsetup).

Currently, I mount the partition with

sudo cryptsetup luksOpen /dev/sda1 backup && wait && sudo mount /dev/mapper/backup /backup

and it prompts for the passphrase.

So is there a way to put this line in a script and mount the partition automatically (in order to do a daily backup), like this:

sudo cryptsetup luksOpen /dev/sda1 backup < paraphrase

or better:

sudo cryptsetup luksOpen /dev/sda1 backup < hashed_paraphrase
Edgar Rokjān
John Doe
  • Correct me if I get this wrong, but doesn't **any** "automated way to mount an encrypted partition" (without you entering the keyphrase) defeat the whole purpose of the encryption, by putting the key on a local drive (where it can be retrieved)? – DevSolar Apr 04 '16 at 15:40
  • Because this partition is my backup partition, and the key to decrypt it is on my home partition (also encrypted) :-) So if my server is shutting down, anyone can open any of the two partitions, home and backup – John Doe Apr 07 '16 at 13:07

2 Answers

2

From the cryptsetup(8) man page:

   --key-file, -d name
          Read the passphrase from file.

          If  the name given is "-", then the passphrase will be read from
          stdin.  In this case, reading will not stop at  newline  charac‐
          ters.
Ignacio Vazquez-Abrams
0

I create a random file

sudo dd if=/dev/urandom of=/home/username/keyfile bs=1024 count=4
# dd ran under sudo, so the file is owned by root and chmod needs sudo as well
sudo chmod 400 /home/username/keyfile

Then I added the keyfile to my encrypted partition:

 sudo cryptsetup luksAddKey /dev/sda1 /home/username/keyfile 

And to mount the partition automatically:

sudo cryptsetup --key-file /home/username/keyfile luksOpen /dev/sda1 backup
John Doe
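
The commands from the answers wrapped into an unattended daily-backup script, as an added example that is not part of the original posts: it refuses a key file whose owner or mode would let other local users read it, and always unmounts and closes the volume afterwards. `SOURCE`, the `data/` target directory and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. DEVICE, NAME, MOUNTPOINT and
# KEYFILE repeat the page's values; SOURCE is an assumed placeholder.
DEVICE=/dev/sda1
NAME=backup
MOUNTPOINT=/backup
KEYFILE=/home/username/keyfile
SOURCE=/srv/data/            # assumption: directory to back up

# Succeed only if the key file is a regular file (not a symlink), owned by
# the invoking user, with no group/other permission bits (0400, 0600, ...).
# Uses GNU stat (-c), as shipped on Ubuntu.
keyfile_is_safe() {
    kf=$1
    [ -f "$kf" ] && [ ! -L "$kf" ] || return 1
    kf_mode=$(stat -c '%a' -- "$kf") || return 1
    kf_owner=$(stat -c '%u' -- "$kf") || return 1
    [ "$kf_owner" = "$(id -u)" ] || return 1
    [ $(( 0$kf_mode & 077 )) -eq 0 ]
}

# Open, mount, back up, then always unmount and close the mapping.
run_backup() {
    if ! keyfile_is_safe "$KEYFILE"; then
        echo "refusing to use $KEYFILE: wrong owner or mode" >&2
        return 1
    fi
    cryptsetup --key-file "$KEYFILE" luksOpen "$DEVICE" "$NAME" || return 1
    rc=0
    if mount "/dev/mapper/$NAME" "$MOUNTPOINT"; then
        rsync -a --delete "$SOURCE" "$MOUNTPOINT/data/" || rc=$?
        umount "$MOUNTPOINT" || rc=$?
    else
        rc=1
    fi
    # luksClose removes the mapping and wipes the volume key from kernel memory.
    cryptsetup luksClose "$NAME" || rc=$?
    return "$rc"
}

# Run as root (e.g. from root's crontab): script.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```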