Score:0

LUKS decrypt on boot with web based key?


Is it possible to configure LUKS to grab a key file from a web server and use it to decrypt and mount the drive on boot?

The idea being that this allows the device to boot, decrypt, and start running without any intervention, but should the device be stolen I can simply nuke the key from the web server and the drive is no longer decrypted automatically.

I didn't see anything in /lib/cryptsetup/scripts so I'm wondering if there's another option available to do this?

Yes, I realize this hinges on the premise that the thief doesn't boot the system up, check the config and download a copy of the key before I can delete it from the web server, but that's an acceptable risk in this case.

Score:0

You should have a look at clevis and tang.
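
The question's idea, written as a Debian crypttab keyscript of the kind kept in /lib/cryptsetup/scripts. This is an added example, not code from either post and not part of clevis or tang. The script name `fetch_web_key`, the URL, the CA path and the crypttab line are assumptions, and the key is assumed to be a single line of printable text.

```shell
#!/bin/sh
# Added example: crypttab keyscript that prints a LUKS key fetched over HTTPS.
# Assumed crypttab line (name, UUID and URL are placeholders):
#   data UUID=<uuid> https://keys.example.internal/data.key luks,initramfs,keyscript=/lib/cryptsetup/scripts/fetch_web_key
# cryptsetup reads the key from this script's stdout; the third crypttab
# field (the URL here) arrives as $1.

CA_FILE="${CA_FILE:-/etc/keys/keyserver-ca.pem}"   # assumed path to a pinned CA
TIMEOUT="${TIMEOUT:-10}"                           # seconds before giving up

# Accept only https:// so the key never crosses the network in clear text.
is_https_url() {
    case "$1" in
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the key on stdout. Non-zero exit on any failure: non-HTTPS URL (2),
# HTTP error such as 404 after the key was deleted, TLS failure or
# timeout (3), empty response body (4).
fetch_key() {
    is_https_url "$1" || { echo "fetch_web_key: refusing non-HTTPS URL" >&2; return 2; }
    key=$(curl --fail --silent --show-error --proto '=https' \
               --cacert "$CA_FILE" --max-time "$TIMEOUT" "$1") || return 3
    [ -n "$key" ] || return 4
    printf '%s' "$key"
}

main() {
    if ! fetch_key "$1"; then
        # Key server unreachable or key revoked: fall back to a console prompt.
        /lib/cryptsetup/askpass "Key server unavailable, enter passphrase: "
    fi
}

# Only act when called with the key URL, as cryptsetup does.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The initramfs must also contain curl, the CA file and a configured network interface. crypttab(5) on Debian warns that systemd's cryptsetup helper may ignore `keyscript=`, which is why the assumed entry carries the `initramfs` option.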
