Re: Multi-key loop-aes question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jari,

Thanks for the prompt response and clarification.

I am trying to mount local crypto filesystems with a key help remotely
(on USB keydrive). I currently use the following:

ssh user@host cat keyfile | mount -p 0 ...

I was wanting to upgrade this to multi-key encryption. Looks like I will
need to go down the path of using the shfs (http://shfs.sourceforge.net/)
module to get to the key files (I don't want anything stored locally).

FYI, suggestions welcome, hope I've explained it clearly enough.

Thanks again,
Daniel.

On Sun, 14 Mar 2004, Jari Ruusu wrote:

> Daniel Harvey wrote:
> > I'm using the latest version of loop-aes (2.0f) on Debian. I can only key
> > the multi-key mode to work off a GnuPG encrypted key, not otherwise.
> >
> > I create 64 keys using:
> >
> > head -c 2880 /dev/random | uuencode -m - | head -n 65 | tail -n 64
> >
> > and then pass them into losetup using 'cat xxx | losetup -p0 ...'.
> >
> > Am I doing something wrong?
> >
> > Any thoughts appreciated...
>
> Currently only "mount -o encryption=AES128,gpgkey=filename",
> "losetup -e AES128 -K filename" and "swapon -a" can set up loop in multi-key
> mode with MD5 IV.
>
> If you are trying to set up encrypted swap partition, "swapon -a" with
> "loop=/dev/loop6,encryption=AES128" options in /etc/fstab will set up
> loop in multi key mode with random keys. If you are trying to set up
> encrypted /tmp partition, you may want to take a look at tmpfs file system
> that uses encrypted swap.
>
> --
> Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
>
>
>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux