Page 13 of 13 FirstFirst ... 3111213
Results 121 to 123 of 123

Thread: Manual Full System Encryption has been updated and simplified

  1. #121
    Join Date
    Aug 2019
    Beans
    1

    Re: Manual Full System Encryption has been updated and simplified

    Hello! Could you tell me please, why is there two enabled key-slots? First (0) slot contains my password, but what about second slot (1)?

  2. #122
    Join Date
    Mar 2012
    Beans
    7

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by no95typem View Post
    Hello! Could you tell me please, why is there two enabled key-slots? First (0) slot contains my password, but what about second slot (1)?
    I think the subject has been addressed (see quotation below) : one key is for the first-stage decryption and corresponds to your password, and the other is for the rest and is automatically retrieved during first-stage decryption.
    Quote Originally Posted by Paddy Landau View Post
    Quote Originally Posted by thrdroom View Post
    The script forces me to choose two different passwords for system and data-drives. As i don’t want to overcomplicate things(in case of dataloss or crash), i want to have the same password for both drives and only one single keyfile. I think the user should have the choice to choose what he want's.
    Having the same passphrase is unnecessary, because once the system has been decrypted, it will automatically decrypt the data drive. However, if it's really what you want, all that you need to do is to replace the existing passphrase with the new one.
    Code:
    sudo cryptsetup luksChangeKey /dev/sda3   # Replace /dev/sda3 with the correct partition name.
    I could be wrong however, since I was only reading this out of curiosity and don't intend to use it right now, so I may be missing something...

  3. #123
    Join Date
    Sep 2019
    Beans
    1

    Re: Manual Full System Encryption has been updated and simplified

    Thanks for this! I found it very helpful while setting up a new install of ubuntu-19.04.


    One issue I ran into, however, was that I couldn't seem to get GRUB to open the LUKS volume at boot time. Turns out the LUKS volume was being created as LUKS2 by default, and GRUB doesn't support LUKS2 volumes.


    I resolved this by modifying encryptinstallation to force it to use LUKS1:

    Code:
    echo -n "${PASSPHRASE}" | sudo cryptsetup luksFormat --type=luks1 --hash=sha512 --key-size=512 --key-file=- ${PARTITION}

Page 13 of 13 FirstFirst ... 3111213

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •