[arch-projects] [initscripts][RFC] cryptsetup: deprecate old syntax and default to the systemd one

Tom Gundersen teg at jklm.no
Wed Jul 11 05:13:27 EDT 2012


Heiko,

On Wed, Jul 11, 2012 at 11:04 AM, Heiko Baums <lists at baums-on-web.de> wrote:
>> [0]: <http://0pointer.de/public/systemd-man/systemd.unit.html> (note
>>      that keyfile-offset support is coming in the next systemd
>> version). ---
>
> Do you know what's about reading a key raw from a USB stick by dd? In
> the link you posted nothing is mentioned about cryptsetup.

Damn, I pasted the wrong link. Sorry about that. It should have been:
<http://0pointer.de/public/systemd-man/crypttab.html>.

So, to decrypt /dev/sda1 using a 1024 bits key stored at an offset of
1MB on the key usb drive /dev/sdd, you would do

secret       /dev/sda1      /dev/sdd      size=1024,keyfile-offset=1024

The missing keyfile-offset entry from the link is:

"keyfile-offset=
           Specifies the number of bytes to skip at the start of the
keyfile; see cryptsetup(8) for possible values and the default value
of this option."

Cheers,

Tom


More information about the arch-projects mailing list