Hello Jari, I am a heavy happy user of your loop-aes component. So first of all I want to thank you for your work. I've implemented some wrapping to enable users to use Linux, suspend2, loop-aes and PKCS#11 in order to have a secure mobile environment (http://wiki.suspend2.net/EncryptedSwapAndRoot). I've just went through some of the eCryptfs code and I've noticed they are using the kernel access key retention to move keys from user space into kernel. It looks quite clean implementation so that it does not require any patch to util-linux. I know that you support kernel 2.0 and above, so the util-linux patch is required... But maybe for newer kernels you can allow the kernel key interface support. I thought of something like user mode for /dev/loop0 and multi-key-v3: { echo AES256 gpg < keyfile.gpg } | keyctl padd user loop:0 @u Then use losetup or mount without any patches. The loop:# is required in order to allow a simple /etc/request-key.conf configuration for loop keys. So even if key is not provided the /sbin/request-key can instantiate it. Just an idea... Best Regards, Alon Bar-Lev. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
