I encrypted a headless server with cryptsetup/LUKS.
2 HDDs with 512 MB /boot on /dev/md0 and 1,61 TB LUKS encrypted /dev/md1 with LVM containing /, swap, and others.
I installed dropbear (and busybox was already installed) to unlock everything during the boot process. I use GRUB2.
So far everything works fine. I can log in with a private key on dropbear listening on port 22 and unlock LUKS with the command

    echo -n "passphrase" > /lib/cryptsetup/passfifo

As soon as I do this, the server boots as if nothing is encrypted, which is exactly what I want.
Now, while this works fine, it's not how I want it to work.
First of all, I can't find any documentation on /lib/cryptsetup/passfifo. How does it even work?
Second, I generated a keyfile with GPG (also one with cryptsetup as a loopback device) that I want to use instead of a password. But I can't find any documentation on how to do this in busybox. GPG does not seem to be installed, so I can't use that key (can I somehow make GPG available to busybox?).
So at the moment, the only way for me to unlock my system is to pass my password to /lib/cryptsetup/passfifo, which I don't want to use.
I tried using cryptsetup directly in its busybox path like

    cryptsetup luksOpen /dev/md1 cryptdisk

It did not show any errors, but my system did not proceed with the boot.
Any ideas what I could do, or is there something wrong with my approach of handling this?