MSV FM

[email protected]: ~ $
Path : /lib/dracut/modules.d/91crypt-gpg/
File Upload :
Current < : //lib/dracut/modules.d/91crypt-gpg/README

# Directions for changing a system from password-based gpg keyfile
# to smartcard-based gpg keyfile

# Be sure that you meet the following requirements:
#  1. GnuPG >= 2.1 installed with
#     * Smartcard support enabled (scdaemon must be built)
#     * Direct CCID access built into scdaemon
#  2. A password-based gpg keyfile ${KEYFILE} (e.g. "keyfile.gpg"):
#     That is, a file containing the slot key for LUKS, which
#     has been encrypted symmetrically with GnuPG using
#     a password.
#  3. Your public OpenPGP identity ${RECIPIENT} (e.g. "3A696356")
#  4. An OpenPGP smartcard holding the decryption key associated
#     with your public identity
#  5. A CCID smartcard reader

#  Notes: Requirement 4. and 5. can of course be one device, e.g.
#         a USB token with an integrated OpenPGP smartcard

# Make a backup of your keyfile (assuming it lies on the boot partition)
$ cp /boot/${KEYFILE} /safe/place/keyfile.bak.gpg

# Change your keyfile from purely password-based to both
# password-based and key-based (you can then decrypt the keyfile
# with either method). As an example aes256 is chosen, the cipher
# is not important to this guide, but do note that your kernel
# must support it at boot time (be it built into the kernel image
# or loaded as a module from the initramfs).
$ cat /safe/place/keyfile.bak.gpg | gpg -d | gpg --encrypt --recipient ${RECIPIENT} --cipher-algo aes256 --armor -c > /safe/place/keyfile_sc.gpg

# Verify that you can decrypt your new keyfile both with the password
# and your smartcard.
# (with smartcard inserted, you should be prompted for your PIN, unless
#  you already did so and have not yet timed out)
$ gpg -d /safe/place/keyfile_sc.gpg
# (with smartcard disconnected, you should be prompted for your password)
$ gpg -d /safe/place/keyfile_sc.gpg

# After verification, replace your old keyfile with your new one
$ su -c 'cp /safe/place/keyfile_sc.gpg /boot/${KEYFILE}'

# Export your public key to where crypt-gpg can find it
$ gpg --armor --export-options export-minimal --export ${RECIPIENT} > /safe/place/crypt-public-key.gpg
$ su -c 'cp /safe/place/crypt-public-key.gpg /etc/dracut.conf.d/crypt-public-key.gpg'

# Rebuild your initramfs as usual
# When booting with any of the requirements not met, crypt-gpg will default to password-based keyfile unlocking.
# If all requirements are met and smartcard support is not disabled by setting the kernel option "rd.luks.smartcard=0"
# crypt-gpg will try find and use a connected OpenPGP smartcard by prompting you for the PIN and then
# unlocking the gpg keyfile with the smartcard.
Bethany
Bethany
0%
Book Now

THE FINEST HOTEL NEAR LAKE KIVU

The Perfect Base For You

Required fields are followed by *





EC1A68011

About Us

Delicious Interior With The Pinch Of Everything

Bethany Investment group is Presbyterian church in Rwanda(EPR) company that manage Hotel and Guest house in Karongi (Bethany Hotel), ISANO branch in GIKONDO(Kigali), Kiyovu branch(Kigali), AMIZERO branch(Nyagatare-East) and Gisenyi Branch(Rubavu).

Learn More

Accomodation

Get a Comfortable Room
Feel The Comfort

Get a comfortable room and feel our hotel’s comfort. Bethany Hotel features a variety of fully furnished rooms with extra space, Executive rooms, Deluxe rooms with a beautiful lake view and garden space, Deluxe rooms, comfort rooms, family rooms and standard rooms at your service.

Restaurant

CHECK DETAILS

Standard Single

CHECK DETAILS

Kivu Side

CHECK DETAILS

Accomodation

CHECK DETAILS

Services

We Provide Top Class Facility
Especially For You

Beach BBQ Party

Kick back on the beach& and enjoy our berbecue from our masterchef

Breakfast

Kick back at our hotels& enjoy our breakfast from our masterchef

Conference Hall

Kick back at our hotels& enjoy our conference halls from all bethany branches

Enjoy with your partner

Honeymoon Package

80%

Book Now

Get In Touch

Don’t Miss Any Update

    +

    Search your Room

    Required fields are followed by *