Re: Mounting additional encrypted filesystems from within an encrypted root

On Thu, 2009-10-08 at 18:11 +0200, markus reichelt wrote:
> * Fred Gazerblezeebe <fgazerblezeebe@xxxxxxxxx> wrote:
> 
> > echo "<SUPPRESSED>" | losetup -p0 -e aes128 \
> > -K /etc/keys/varkey.gpg /dev/loop6 /dev/sda6
> 
> Have you tried using the cleartextkey (-P) option?
> 

After creating a plaintext aes key, both

mount -p3 -t ext4 /dev/sda6 /var -o \
loop=/dev/loop6,encryption=aes128 3</etc/keys/varkey.pt

and

mount -t ext4 /dev/sda6 /var -o \
loop=/dev/loop6,encryption=aes128,cleartextkey=/etc/keys/varkey.pt

work, as described in your FAQ. (Interestingly, 'df' does not list the
mount, although I can see it has been mounted with 'ls /var'.) However,
I don't think leaving unencrypted keys around is a viable solution, and
if I could get gpg to create them temporarily during boot, I imagine it
would also be able to decrypt them as part of the original command line
in losetup.sh.

FG



-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

