GnuPG smart card && geli
RW
rwmaillists at googlemail.com
Fri May 19 15:14:23 UTC 2017
On Fri, 19 May 2017 10:19:06 -0400
mfv via freebsd-questions wrote:
> >This would lead to a system (netbook) which never can be booted or
> >otherwise data read from and you can only boot it with the USB boot
> >key, the USB GnuPG-card and the PIN (normally 6 digits).
6 digits doesn't sound very secure.
> >Any comments on this?
> >
> > matthias
> >
>
> Hello Matthias,
>
> I agree with your idea. Some time ago I did some research to find out
> a method to read the password from a USB memory stick but was not
> successful. I was not concerned with disk encryption, just wanted a
> very long password, automatic login and no system access without a
> hardware key.
A geli device can be set up to use a passphrase and/or a passfile. You
could just put the passfile on a memory stick and not use
a passphrase at all.

FWIW I use a passfile to attach geli encrypted partitions, but the
passfile is stored in a small geli encrypted file-backed md device
that's passphrase protected. I did this just to avoid having to type any
more than I need to, but that backing file could just as easily be on a
memory stick.
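
The nested arrangement described in the message above, as an added example that is not part of the original post: a passphrase-protected, file-backed md device holds the passfile, which then attaches the data partition without further typing. The image path, md unit, mount point, provider name and passfile name are assumptions, as is supplying the passfile through geli's `-j` option.

```shell
#!/bin/sh
# Added example; every path and device name below is a hypothetical placeholder.
KEYSTORE_IMG=${KEYSTORE_IMG:-/mnt/usb/keystore.img}  # backing file, e.g. on a memory stick
MD_UNIT=${MD_UNIT:-9}                                 # md unit assumed to be free
KEY_MNT=${KEY_MNT:-/mnt/keys}                         # where the keystore gets mounted
DATA_DEV=${DATA_DEV:-/dev/ada0p4}                     # geli provider holding the data
PASSFILE=${PASSFILE:-$KEY_MNT/data.pass}              # only its first line is used by geli

# One-time setup as root, shown for context only:
#   truncate -s 16m "$KEYSTORE_IMG"
#   mdconfig -a -t vnode -f "$KEYSTORE_IMG" -u 9
#   geli init /dev/md9 && geli attach /dev/md9 && newfs /dev/md9.eli
#   mount /dev/md9.eli /mnt/keys && openssl rand -hex 32 > /mnt/keys/data.pass
#   geli init -J /mnt/keys/data.pass /dev/ada0p4

# With DRY_RUN=1, print each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Attach the small keystore; geli prompts for its passphrase here.
open_keystore() {
    run mdconfig -a -t vnode -f "$KEYSTORE_IMG" -u "$MD_UNIT" &&
    run geli attach "/dev/md${MD_UNIT}" &&
    run mount -o ro "/dev/md${MD_UNIT}.eli" "$KEY_MNT"
}

# Remove every trace of the keystore so the passfile is not left readable.
close_keystore() {
    run umount "$KEY_MNT"
    run geli detach "md${MD_UNIT}.eli"
    run mdconfig -d -u "$MD_UNIT"
}

# Unlock the data provider with the passfile, then always close the keystore.
unlock_data() {
    open_keystore || { close_keystore 2>/dev/null; return 1; }
    rc=0
    run geli attach -j "$PASSFILE" "$DATA_DEV" || rc=$?
    close_keystore
    return "$rc"
}

case "${1:-}" in
    unlock) unlock_data ;;
esac
```

Run it as `DRY_RUN=1 sh script.sh unlock` first to see the command sequence before letting it touch real devices.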