Date:      Fri, 19 May 2017 12:15:14 -0400
From:      mfv <mfv@bway.net>
To:        RW via freebsd-questions <freebsd-questions@freebsd.org>
Cc:        RW <rwmaillists@googlemail.com>
Subject:   Re: GnuPG smart card && geli
Message-ID:  <20170519121514.21469751@gecko4>
In-Reply-To: <20170519161416.68df0fc8@gumby.homeunix.com>
References:  <20170517103822.GB16462@c720-r314251> <20170519101806.1674fda0@gecko4> <20170519161416.68df0fc8@gumby.homeunix.com>

> On Fri, 2017-05-19 at 16:14 RW via freebsd-questions
> <freebsd-questions@freebsd.org> wrote:
>
>On Fri, 19 May 2017 10:19:06 -0400
>mfv via freebsd-questions wrote:
>
>
>> >This would lead to a system (netbook) which never can be booted or
>> >otherwise data read from and you can only boot it with the USB boot
>> >key, the USB GnuPG-card and the PIN (normally 6 digits).  
>
>
>6 digits doesn't sound very secure.
>
>> >Any comments on this?
>> >
>> >	matthias
>> >    
>> 
>> Hello Matthias,
>> 
>> I agree with your idea.  Some time ago I did some research to find
>> out a method to read the password from a USB memory stick but was not
>> successful.  I was not concerned with disk encryption, just wanted a
>> very long password, automatic login and no system access without a
>> hardware key.    
>
>A geli device can be set up to use a passphrase and/or a passfile. You
>could just put the passfile on a memory stick and not use
>a passphrase at all.
>
>FWIW I use a passfile to attach geli encrypted partitions, but the
>passfile is stored in a small geli encrypted file-backed md device
>that's passphrase protected. I did this just to avoid having to type
>any more than I need to, but that backing file could just as easily be
>on a memory stick.  
>

Hello RW,

Is it possible to automatically read a password/passfile during boot
up from a USB memory stick without geli? If so, how?

Cheers ...

Marek


