LUKS one-time key

Posted on

Hey guys!

So I have a question. I know that LUKS stores (up to 8) hashed passwords (or derivative keys) w/salt in the header, which is then used later in order to unlock the master key and then decrypt the data on the partition. Is there a way to create a one time key for transport of the drive, making the end user "phone home" to get the one-time passphrase and then permanently deleting that derivative key?

If you have any questions let me know!