From b4c919e5569bb883fed2e53de01f3d80a4ff3532 Mon Sep 17 00:00:00 2001 From: Johannes Bauer Date: Thu, 22 Sep 2016 21:21:52 +0200 Subject: [PATCH] Fixups in the README --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index f8f9176..37314e9 100644 --- a/README.md +++ b/README.md @@ -92,37 +92,37 @@ can do: # Host UUID Host PSK Disk UUIDs d66f96fc-7056-46e1-aea6-0f3d705cd3bc d94f3fc6c3507123bda4034dd8c865a1b4cf9870bda50e9ed9f861621d581017 952ebed9-5256-4b4c-9de5-7f8829b4a74a=54444656365a3658794451353241537377564653456c386d7256666e4839463562 ``` - We follow the suggested passphrase, which should contain 192 bits of entropy. + We follow the suggested passphrase, which should contain 192 bits of entropy. 4. We use cryptsetup luksAddKey to add the suggested passphrase to the LUKS - keyring of the server. - 6. The config script has given suggestions for server.txt and client.txt. We - copy the respective contents into the files. + keyring of the server. + 5. The config script has given suggestions for server.txt and client.txt. We + copy the respective contents into the files. 6. Then we create the server binary config: ``` $ luksrku-config server server.txt server.bin Successfully read key file with 1 entries. $ luksrku-config client client.txt client.bin Successfully read key file with 1 entries. - Passphrase to encrypt keyfile: + Passphrase to encrypt keyfile: ``` - Now we'll have a server.bin and password-protected client.bin. + Now we'll have a server.bin and password-protected client.bin. 7. On the server machine (i.e., the one with the LUKS disk) we copy - server.bin to /etc/luksrku-server.bin. + server.bin to /etc/luksrku-server.bin. 8. On the server, we modify the luksrku-script in the initramfs/ subdirectory - to fit the NIC of the server and the IP address we want (this is really + to fit the NIC of the server and the IP address we want (this is really ugly at the moment and needs to be fixed ASAP, but it is what it is now). 9. On the server, then run the "./install" script as root which will install - initramfs hooks. + initramfs hooks. 10. On the server, update the initramfs (update-initramfs -u). Previously make - a copy of your initramfs so that you can boot your system in case things - go wrong (which they will, trust me). + a copy of your initramfs so that you can boot your system in case things + go wrong (which they will, trust me). 11. Boot the server. If everything went fine (it won't at the first run), it - will now broadcast UDP packets onto the network indicating its presence. + will now broadcast UDP packets onto the network indicating its presence. These packets will be sent to UDP port 23170. 12. On the client, start the client to unlock the server's key: ``` $ luksrku --client-mode -k client.bin - Keyfile password: + Keyfile password: ```