Thanks rknichols,
I have used both pass phrases and key files. On my servers I have the OS installed on a USB flash drive - saves a SATA port for a data drive - and have a key file in /root on the flash drive. Entries in /etc/crypttab unlock the data drives - well actually unlock the encrypted partitions on the drives.
What prompted my question... I read this week of a court case which required a person to unlock his smartphone with a fingerprint. This action was decided not to be protected under the 5th Amendment, just as providing a physical key to a physical safe is not protected. However, providing a password from one's brain IS protected. Therefore I could be compelled to provide a key-file to decrypt a drive while I could not be compelled to provide the pass phrase to the same drive. That got me wondering if there was any way to determine that a key-file was referenced by the encrypted drive, file, partition, etc.
Not that I have anything that sensitive on my servers. If I did I would take the old school approach. A thermite grenade on top of the hard drives and a trip wire across the doorway.
The reason I encrypted the drives is in the event I ever have to return one for warranty replacement. It would be hard to make sure I had deleted a batch of old tax returns from somewhere on a multi-TB drive. This concept has already proved its value. I had just installed 2 new 6 TB Western Digital drives in my server and copied about 1 1/2 TB of data onto one drive when it began throwing errors. I simply unplugged it and sent it back.
Thanks again,
Ken