Failed to activate key file because crypto_keyfile missing

Hi everyone,

Only the directory /home was encrypted with LUKS; it works fine with my decryption at startup.
But journalctl -b -p 3 shows:

systemd-cryptsetup: Failed to activate, key file `/crypto_keyfile.bin` missing

Can I ignore it?

It is related to old issues

Disable reading the key file at startup:

  • Edit /etc/crypttab:
  • Change /crypto_keyfile.bin to none
  • Restart
  • No error appears in the logger journalctl

OR

If you want to activate this key file crypto_keyfile.bin at startup without entering your password (like automatic entry): → bad security

 dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock
 chmod 000 /crypto_keyfile.bin
 chmod 600 /boot/initramfs-linux*
 cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin

If only your /home is encrypted, then adding a key file to / is not a good idea and makes the encryption useless.

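An added example, not part of the original posts: a shell function that reads a crypttab and reports, per volume, whether the third field names a key file and whether that file exists, which is the condition behind the journal error above. The `ROOT` argument, the output keywords and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a crypttab and reports, per
# volume, whether the third field names a key file and whether it exists.
# Fields: <name> <device> <key file> <options>

# audit_crypttab CRYPTTAB [ROOT]
# ROOT (assumption of this example) is prepended to key file paths so the
# check can run against a mounted or constructed tree instead of "/".
audit_crypttab() {
    tab=$1
    root=${2:-}
    while read -r name device keyfile options || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        path=${keyfile%%:*}   # systemd allows "path:device"; keep the path
        case $path in
            ''|none|-)
                echo "$name none" ;;          # no key file named in crypttab
            /dev/*)
                echo "$name device $path" ;;  # e.g. /dev/urandom for swap
            *)
                if [ -e "$root$path" ]; then
                    # Usable by anyone who can read this filesystem.
                    echo "$name present $path"
                else
                    # systemd-cryptsetup logs "key file ... missing" here.
                    echo "$name missing $path"
                fi ;;
        esac
    done < "$tab"
}

# Constructed sample: a crypttab like the one in the thread, in a temp tree.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc"
    cat > "$d/etc/crypttab" <<'EOF'
# <name>   <device>            <key file>           <options>
luks-home  UUID=constructed-1  /crypto_keyfile.bin  luks
luks-data  UUID=constructed-2  none                 luks
swap       /dev/sdX2           /dev/urandom         swap
EOF
    audit_crypttab "$d/etc/crypttab" "$d"
    rm -rf "$d"
}

demo
```

A `missing` line is the harmless case from the question; a `present` line for a key file stored outside the encrypted volume is the case the replies warn about.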

But why is /crypto_keyfile.bin in the conf file /etc/crypttab by default after installation?

Maybe it would be for a lazy person who doesn’t want to manually enter a password for decryption at boot.

We had a discussion recently about this key file: Why does the installer add a paswordless key to LUKS-encrypted partition? - #9 by winnie

However, convenience is great but why do you encrypt a partition but keep the key in an unencrypted partition? Against what are you protecting your data? Anyone with access to your physical hard disk, for which the encryption is the only protection, can just use this file to decrypt your data.

Yes, right.
Of course I used the first solution.
I already knew that a passwordless key file is bad security in an unencrypted partition, but lazy people do not think everyone knows how to crack it, except computer scientists, if their device was stolen.

If you argue like that, you could also just use ext4 which is not supported right away in Windows :grin:
