
My external HDDs are encrypted with LUKS. The keyfiles to decrypt these partitions are encrypted by GnuPG with a private key which is stored on a smartcard.
To easily mount my external HDDs I use this small bash script:
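#!/bin/bash
# $1 = device, $2 = optional mount label; the keyfile is decrypted via the smartcard and piped to pmount
gpg -d /media/usbstick/.secret/luks.key.enc | sudo pmount -p - "$1" ${2:+"$2"}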
Tutorial
This is a fairly simple tutorial. Most steps have been described in other howtos. Feel free to link them in the comments.
Setup
- Create a PGP keypair
- Generate a keyfile for the LUKS partition
- Make a copy of your PGP keyring and the LUKS keyfile and save them in a safe location
- Move your keys to your smartcard and replace your private keys by stubs
- Create your LUKS partition
- Add the keyfile to a LUKS key slot
- Encrypt the LUKS keyfile
- Move the encrypted keyfile to a USB stick
- Add the script from above to your USB stick
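The keyfile steps of the list above as a script. This is an added example, not part of the original post. It assumes the PGP key already exists and the LUKS partition has been created with a passphrase; the device path, the recipient key ID and the file names luks.key / luks.key.enc in the working directory are placeholders, and wiping the plaintext keyfile at the end is an addition to the listed steps.

```shell
#!/bin/sh
# Added example: keyfile steps of the setup list. The device, the recipient
# and the working file names are placeholders chosen for illustration.
set -eu

# Create a 4096-byte random keyfile readable only by its owner.
# Refuses to overwrite, so an enrolled key is never silently replaced.
make_keyfile() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    ( umask 077 && dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null )
}

# Enroll the keyfile in a free key slot of an existing LUKS partition.
# cryptsetup asks for a passphrase that already unlocks the device.
enroll_keyfile() {   # $1 = device, $2 = keyfile
    sudo cryptsetup luksAddKey "$1" "$2"
}

# Encrypt the keyfile to the public key whose private half is on the smartcard.
encrypt_keyfile() {  # $1 = recipient, $2 = keyfile, $3 = output
    gpg --encrypt --recipient "$1" --output "$3" "$2"
}

# Confirm the encrypted copy decrypts (needs the smartcard and PIN) to the
# same bytes before the plaintext keyfile is removed. The wipe is not one of
# the post's steps; do it only once the backup copy is stored safely.
verify_and_wipe() {  # $1 = keyfile, $2 = encrypted keyfile
    gpg --decrypt "$2" 2>/dev/null | cmp -s - "$1" || {
        echo "decryption check failed, keeping $1" >&2
        return 1
    }
    shred -u "$1"
}

# Usage: sh setup-keyfile.sh /dev/sdX1 RECIPIENT
if [ "$#" -eq 2 ]; then
    make_keyfile luks.key
    enroll_keyfile "$1" luks.key
    encrypt_keyfile "$2" luks.key luks.key.enc
    verify_and_wipe luks.key luks.key.enc
fi
```

Copy luks.key.enc to the USB stick afterwards, at the path the mount script reads.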
Usage
- Insert your smartcard, USB stick and the LUKS-encrypted hard disk
- Call the script from above from your USB stick
- Enter your smartcard PIN
- Enjoy!
Have fun!