How does tomb work
boyska edited this page Jan 23, 2012 · 8 revisions
A tomb is just a file containing a LUKS volume with an ext3 filesystem inside. The only way to open the LUKS device is through a keyfile used as key material. Let's call this file LuksKey.
LuksKey is itself symmetrically encrypted using gpg -c with the user passphrase.
A random file is created and added to LUKS as a keyfile. It is then encrypted with gpg -c: this is the tombkey.
The tombkey is decrypted using gpg -d; the password is provided by the user. The output of gpg is LuksKey; it is passed to LUKS as --key-file.
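The creation and opening steps above written out as shell functions, assuming GnuPG 2.1 or later and cryptsetup. This is an added example, not tomb's own code; the function names, argument order and the 256-byte key size are assumptions.

```shell
#!/bin/sh
# Added illustration of the key handling described above; not tomb's own code.
# Function names, argument order and the 256-byte key size are assumptions.
set -e

# Symmetric gpg call that reads the passphrase from stdin (fd 0), which is
# free because the key material travels through files or stdout.
gpg_sym() {
    gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase-fd 0 "$@"
}

# Creation: random LuksKey, readable only by its owner.
make_lukskey() {    # make_lukskey <lukskey-file>
    ( umask 077; dd if=/dev/urandom of="$1" bs=256 count=1 2>/dev/null )
}

# Creation (root): format LUKS with the LuksKey as keyfile, then put ext3 inside.
format_tomb() {     # format_tomb <device> <lukskey-file> <mapper-name>
    cryptsetup --batch-mode --key-file "$2" luksFormat "$1"
    cryptsetup --key-file "$2" luksOpen "$1" "$3"
    mkfs.ext3 -q "/dev/mapper/$3"
    cryptsetup luksClose "$3"
}

# Creation: gpg -c the LuksKey under the user passphrase; output is the tombkey.
# The plaintext LuksKey should not outlive this step (keep it on tmpfs, then delete).
wrap_key() {        # wrap_key <lukskey-file> <tombkey-file> <passphrase>
    printf '%s\n' "$3" | gpg_sym --yes -o "$2" -c "$1"
}

# Opening: gpg -d the tombkey; the LuksKey is written to stdout only.
unwrap_key() {      # unwrap_key <tombkey-file> <passphrase>
    printf '%s\n' "$2" | gpg_sym -d "$1"
}

# Opening (root): pipe the LuksKey into cryptsetup as --key-file, never via disk.
open_tomb() {       # open_tomb <device> <tombkey-file> <passphrase> <mapper-name>
    unwrap_key "$2" "$3" | cryptsetup --key-file - luksOpen "$1" "$4"
}
```

Because cryptsetup reads --key-file - up to end of input, the binary LuksKey reaches LUKS byte for byte, and a wrong passphrase makes gpg -d fail before any usable key is produced.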