Re: Mounting additional encrypted filesystems from within an encrypted root

* Fred Gazerblezeebe <fgazerblezeebe@xxxxxxxxx> wrote:

> work, as described in your faq. (Interestingly, 'df' does not list
> the mount, although I can see it has been mounted with 'ls /var'.)

Hm. df should list them. What does mount say?


> However, I don't think leaving unencrypted keys around is a viable
> solution, and if I could get gpg to create them temporarily during
> boot, I imagine it would also be able to decrypt them as part of
> the original commandline in losetup.sh.

Well, since you already have the password to unlock the keys in some
file in cleartext, it wouldn't make much of a difference in my book.
But I hear you :)

Just for the record, I've no problems setting up encrypted partitions
the "echo pw | magic" way via rc.local on my systems (various
Slackware 12.x & 13.0-64).

I realize that that approach won't work on your specific setup, but
perhaps you could try the concept on a spare (swap?) partition.

Anyway, someone mentioned on this list (I cannot find the article
atm) that you can add to the (decrypted) root key additional lines of
text, e.g. passwords or setup-lines - cos losetup will just take the
first 65 lines as key input and ignore the rest. Maybe you can script
something to make good use of that fact and set up additional
partitions that way instead of going via the classic init-style
script-approach.

And if you are lucky the one who posted that info to this list is
still reading it and will chime in too :)

-- 
left blank, right bald
loop-AES FAQ: http://mareichelt.de/pub/texts.loop-aes.php#faq
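
Added example, not part of the original message or of loop-AES: a shell sketch of the idea above, reading extra lines stored after the 65 key lines of an already decrypted key stream. The `name=value` layout of the extra lines, the names `lookup_extra`, `make_sample` and `var_pw`, and the sample data are assumptions made for illustration; that losetup ignores everything after line 65 is taken from the message, not verified here.

```shell
#!/bin/sh
# Assumed layout of the decrypted key stream (hypothetical, for illustration):
#   lines 1..65  key lines, consumed by losetup
#   lines 66..   extra "name=value" lines, e.g. passwords for other volumes

# lookup_extra NAME
# Reads the decrypted key stream on stdin and prints the value stored under
# NAME in the extra lines. Returns non-zero if fewer than 65 lines are
# present, if one of the first 65 lines is empty, or if NAME is not found.
# The data only passes through the pipe; nothing is written to disk.
lookup_extra() {
    awk -v n=65 -v k="$1" '
        NR <= n { if ($0 == "") bad = 1; next }   # key lines: check, do not print
        !found && index($0, k "=") == 1 {         # literal prefix match, no regex
            val = substr($0, length(k) + 2)       # keep any "=" inside the value
            found = 1
        }
        END {
            if (NR < n || bad || !found) exit 1
            print val
        }
    '
}

# make_sample: constructed stand-in for the decrypted key file.
# These are NOT real keys, only placeholder text with the right line count.
make_sample() {
    i=1
    while [ "$i" -le 65 ]; do
        echo "constructed-key-line-$i"
        i=$((i + 1))
    done
    echo "var_pw=example-not-a-real-password"
    echo "home_pw=another=constructed=value"
}

# Demo on the constructed sample. On a real system the input would be the
# output of the gpg decryption step, piped straight into lookup_extra.
make_sample | lookup_extra var_pw
```

Because the extra lines live inside the gpg-encrypted key file, they are only readable after the root key has been unlocked, which avoids leaving a cleartext password file on disk.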
