Noll Janos wrote: > I have the following idea about implementing session keys in loop-AES, > and I'd like to hear what you think of it. > > Goals: > > 1. The user must be able to change the password of the encrypted device > 2. More than one user has to be able to access (unlock) the > device (w/password) > 3. Users (passwords) can be added or removed as time goes on This can be done in user space using GnuPG. A long and random session key is encrypted using each users public key. Users just need to type their personal GnuPG key to unlock the session key that is then piped to "losetup -p 0". See example #4 in loop-AES' README file for more info. Regards, Jari Ruusu <jari.ruusu@pp.inet.fi> - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/