Linux – How to mount LUKS partition securely on server

encrypting-file-system linux Ubuntu

I'm curious if it is possible to mount a partition encrypted by cryptsetup with LUKS securely and automatically on Ubuntu 10.0.4 LTS.

For example, if I use the key for the encrypted partition, then that key has to be present on a device that is not encrypted, and if someone steals my disk they'll be able to find the key and decrypt the partition.

Is there any safe way to mount an encrypted partition? If not, does anything exist to do what I want?

Best Answer

Yes, it is possible -- you can store the key in an encrypted home directory, or on the LVM-encrypted system volume, for example. However, both of these require you to decrypt the partition where the key is stored at some point -- if you're looking for unattended secure mount of an encrypted device at boot, that's much more of a challenge. See this question for a discussion.

We use encrypted LVM system drives a lot, and while it's a bit of a pain to have to enter the password at boot time, it means we can reasonably secure the disk (and any other encrypted devices, partitions, or volumes we want to mount) in the event of physical loss or theft. Doesn't help secure a running system a bit, though.
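As an added example (not part of the original answer), the shell function below audits a crypttab-format file for the situation described above: it reports whether each volume prompts for a passphrase, or whether its key file is readable by other users or sits on a filesystem that is not backed by dm-crypt. The function names, the verdict strings and the optional second argument (a replaceable check function) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit key files referenced from a crypttab-format file.
# Prints one line per entry: "<mapping-name> <verdict>".

# True if the filesystem holding $1 sits on top of a dm-crypt mapping.
# Assumes util-linux findmnt and lsblk, and a plain device as mount source.
key_on_encrypted_fs() {
    src=$(findmnt -n -o SOURCE -T "$1" 2>/dev/null) || return 1
    lsblk -s -n -o TYPE "$src" 2>/dev/null | grep -qw crypt
}

# $1 = crypttab path; $2 = optional check function (hypothetical hook,
# defaults to key_on_encrypted_fs).
audit_crypttab() {
    check=${2:-key_on_encrypted_fs}
    while read -r name dev key opts; do
        case "$name" in ''|'#'*) continue ;; esac      # blank line or comment
        case "$key" in
            ''|none|-) echo "$name prompt"; continue ;; # passphrase typed at boot
            /dev/*)    echo "$name device-key"; continue ;;
        esac
        if [ ! -f "$key" ]; then echo "$name key-missing"; continue; fi
        mode=$(stat -c %a "$key")                       # GNU stat, octal mode
        case "$mode" in
            *00|0) ;;                                   # owner-only access
            *) echo "$name key-readable-by-others"; continue ;;
        esac
        if "$check" "$key"; then echo "$name key-on-encrypted-fs"
        else echo "$name key-on-plaintext-fs"; fi
    done < "$1"
}
```

On a real host, `audit_crypttab /etc/crypttab` run as root flags any `key-on-plaintext-fs` entry as the case the question worries about: a stolen disk carries both the ciphertext and its key.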