Score:1

Is it safe to delete "/crypto_keyfile.bin"?


I use Lubuntu 20.04 with full-disk encryption.

# lsb_release -a
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:        20.04
Codename:       focal

Each time I boot, there is a one-line login to enter the pass-phrase.

Then I check the key using cryptsetup and check which slots are being used.

# cryptsetup luksDump /dev/sda2 | grep ENABLE
Key Slot 0: ENABLED
Key Slot 1: ENABLED

I see there is a /crypto_keyfile.bin in the root directory. When I test opening with it:

# cryptsetup open --key-file /crypto_keyfile.bin --test-passphrase /dev/sda2 --verbose
Key slot 1 unlocked.
Command successful.

It seems the file uses slot number 1, not slot number 0, which is being used for my boot-time pass-phrase.

Based on this documentation:

It may be useful to apply when using the GRUB early cryptodisk feature, in order to avoid entering two passphrases during boot.

My question is, is it safe to delete "/crypto_keyfile.bin"? If so, will it ask the second pass-phrase when the file is missing or even corrupt?

Thank you.
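
The two checks from the question combined, as an added example that is not part of the original post: it parses `cryptsetup luksDump` and `--test-passphrase --verbose` output in the format shown above and reports which enabled key slots exist apart from the one the key file unlocks. The function names are hypothetical, and the sample text is constructed from the question's terminal output plus one DISABLED line.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample input is constructed.

# Print the numbers of ENABLED key slots from `cryptsetup luksDump` output
# in the "Key Slot N: ENABLED" format shown in the question.
enabled_slots() {
    printf '%s\n' "$1" |
        sed -n 's/^Key Slot \([0-9][0-9]*\): ENABLED$/\1/p' |
        tr '\n' ' ' | sed 's/ $//'
}

# Print the slot number reported by `cryptsetup open --test-passphrase --verbose`.
unlocked_slot() {
    printf '%s\n' "$1" |
        sed -n 's/^Key slot \([0-9][0-9]*\) unlocked\.$/\1/p' | head -n 1
}

# Print the enabled slots other than the one the key file unlocks.
# Return 1 if that slot cannot be identified or is the only enabled slot.
slots_without_keyfile() {
    dump=$1
    test_out=$2
    kf=$(unlocked_slot "$test_out")
    [ -n "$kf" ] || return 1
    remaining=
    for s in $(enabled_slots "$dump"); do
        [ "$s" = "$kf" ] || remaining="$remaining $s"
    done
    remaining=${remaining# }
    [ -n "$remaining" ] || return 1
    printf '%s\n' "$remaining"
}

# Constructed sample input based on the output in the question.
SAMPLE_DUMP='Key Slot 0: ENABLED
Key Slot 1: ENABLED
Key Slot 2: DISABLED'
SAMPLE_TEST='Key slot 1 unlocked.
Command successful.'

echo "enabled slots:         $(enabled_slots "$SAMPLE_DUMP")"
echo "key file unlocks slot: $(unlocked_slot "$SAMPLE_TEST")"
echo "other enabled slots:   $(slots_without_keyfile "$SAMPLE_DUMP" "$SAMPLE_TEST")"
```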

Disclaimer: I do not use Lubuntu. Take this comment with a grain of salt. ⇢ 30 years of experience with encryption has taught me many things, one of which being “don’t mess with things”. The file you speak of is measured in bytes. Why delete it? Does it interfere with the boot process? Or is this a cosmetic activity? If it ain’t broke, don’t poke it …
bayuah:
@matigo: I am just curious what would happen if that occurred, so I can have a plan if such a bad thing happens. Of course, I have already backed up the file in a secure location.
HuHa:
You are about to shoot yourself in the foot. Why would you want to delete that file if you quite obviously have no clue what it is?
bayuah:
@HuHa: That is why I ask about it. Besides that, I might be able to use slot number 1 for other purposes.
guiverc:
I have no idea... but if I was curious like you seem to be, I'd just test it and see. I wouldn't test it on a box I value, but use a spare box (as I do QA-testing, I'd use a recent QA-test install for 20.04.3, or *impish* as those are what I'll have handy) or just test using a VM; installing/creating one if needs be.