Re: Make gpg-keyfile for already encrypted partition

>>> On Thu, 24 Jun 2004 03:29:05 -0700 (PDT), Thomas "Müller"
>>> <etwcn@xxxxxxxxx> said:

etwcn> [ ... ] I have a partition that is encrypted with a single
etwcn> passphrase. For better security I would rather like to use a gpg
etwcn> keyfile, but I do not want to wipe the partition and make a
etwcn> completely new setup. Is it possible to put the passphrase in a
etwcn> gpg keyfile [ ... ]

To me it seems that, even if it depends on the kind of threat model you
are implicitly assuming, putting your passphrase into a GPG keyfile can
significantly reduce the ``security'' of your data, for some definition
of ``security'' that might matter practically.

I'd like to learn why you think that to remove the passphrase from your
memory and to "put the passphrase in a gpg keyfile" instead might
conceivably result in "better security".

Now, if you intend instead to create a new random private key, and use
that instead of the passphrase as the cipher key, and reencrypt your
partition, presumably you can use 'aespipe' twice to do that.

  Arguably switching from a passphrase to a random private key in a GPG
  file might slightly improve ``security'' whatever that is, in some
  vaguely plausible scenarios, even if I am a bit sceptical.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


