Why delete keys after adding them to the LUKS partition?
I wanted to create keys with generate_key.sh and then I wanted to install the keys with install.sh.
But install.sh is deleting the keys after adding them to the LUKS partition, without giving any chance to copy them somewhere. Why is it solved like this?
I mean, it was easy to generate the key again, because install.sh contains all the information to generate the exact same key, so I really don't understand the deletion.
Just for cleaning up. Why is deleting the file a problem? Can you explain?
If you generate a key, add it to the LUKS partition, but delete it immediately, how should one be able to copy it onto a USB stick?
The script should warn the user that it gets deleted or create a dialog "Copy the key xy.lek by hand and press enter to delete it".
I think you meant to have these steps:
- generate_key.sh
- create_usb.sh
- install.sh (in the key directory)
But if someone uses one USB stick for several machines, the person doesn't want to format the stick again (skipping step 2). In general I would generate the key, add it to LUKS and copy it to several keys (to have backups) and then delete it by hand once I decide that I have enough copies.
And it isn't really cleaned up if there is still the script (install.sh), which contains the steps to recreate the key. The script should delete itself after it's done, but it should not be deleted if it doesn't run correctly.
> I think you meant to have these steps:

Yes, but step 3 is to be executed on another (the target) computer, while steps 1 & 2 should be executed on the sysadmin computer. Note that step 2 also copies the key files onto the USB stick.

> But if someone uses one USB stick for several machines,

The key files should not be reused. You should have one key file per machine. The USB stick can hold multiple key files and the boot script will automatically use the right one.

> The script should delete itself after it's done, but it should not be deleted if it doesn't run correctly.

Yes, that could be an improvement.