Rudolf Deilmann <rudolf.deilmann@xxxxxxxxx> wrote: > It's an documented feature of bash: > http://www.network-theory.co.uk/docs/bashref/Redirections.html > there is even another way to do the same ;) > PLAIN=$(cat /upscript.gpg | gpg --decrypt --no-tty --quiet \ > --passphrase-fd 8 8< <(echo "$PASS")) > I wonder, why it doesn't work on your system. Perhaps, your script is > still executed by dash. Feature of bash or not, the fact is it didn´t work. My impression was just it looks a bit awkward. Scripts can be structured in many ways. Concerning the loopcrypt script I can only offer you to send an example and I will copy & paste it with no modification. Today I installed KDE 4.0 additionally, just to take a look at it. I´m not going to lose precious data if this installation gets damaged. > there is another useful thing, that is easy to configure: > /etc/initramfs-tools/conf.d/resume > suspend-to-disk is possible (of course, the swap parition must be > encrypted with the same 65 keys every time) > You only need to map the swap-partition to /dev/loopX > in /etc/initramfs-tools/scripts/local-top/loopcryptup and add this > new device to /etc/initramfs-tools/conf.d/resume > (I haven't tested it with an actual version of ubuntu till now, because > I don't need it. In previous releases, you also need to change a line > in /etc/acpi/hibernate.sh, if you want to use /dev/loopX instead of > UUID,... ) Hibernation was the top feature in Win2k. My box runs for so many hours, I´m glad to log on to a fresh session every now and then. Laptop users might appreciate this. For swap encryption I decided to use this: /etc/rcS.d/S09losetup --- #!/bin/sh /sbin/losetup -e AES256 -H random/1777 -s XXX /dev/loop1 /dev/hdb mkswap /dev/loop1 --- In this way a fresh key is used at each boot. The space where once the partition table was is now used for swap, too. I ran swap with up to 4 layers of encryption. The main point is, all ciphers apart from AES are slow. Since AES was optimized for AMD64 it is the best choice. 4 mixed 256-bit layers (aes, twofish, serpent, aes) end up somewhere little above 10 MB/sec. which makes no sense. Single core machines are no match for this. Best regards Peter -- GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS. Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
