Bodo Staron wrote: > Now, I did some of the examples and everything works nicely. I still > have one question about security. Let's assume I use multi-key mode, > like in "7.2. Example 2 - Partition backed loop with gpg > encrypted key file". > > The key file is on that server. Isn't that a huge security risk, like > when your private PGP key leaks out? What if someone get's access to > that gpg keyfile? Examples in loop-AES README use symmetric cipher only to encrypt the key file, but nothing prevents you from using public key crypto to encrypt the key file. Attacker still need to know the passphrase that protects the key file or private key keyring. As long as attacker does not have that, key file contents are protected. Best solution is to store key file on removable USB memory stick. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
