On Sat, 07 Oct 2006 00:05:57 +0200
Jan Reusch <jreusch@xxxxxx> wrote:

>
> >> How I can make this encrypted volume ??
> >>
> >> cryptosetup --key-file key or
> >>
> > with this method only people who can decrypt the keyfile with gpg can
> > setup the mapping, so this is what you want
> but beware, the drawback of this method is that you have to completely
> erase the keyfile after you set up the mapping.
> this is nearly impossible so you should pipe the output of gpg direct to
> cryptsetup.
> Jan

I suggest that, if you do it this way, the key should be decrypted to a
small ramdisk. The ramdisk should be either in "secure RAM" (meaning
that the RAM area is not swapped) or you use a crypto-swap, each time
encrypted with a random key.

The size of a ramdisk is determined at boot time; on my system it is 8MB.

# mkfs.ext2 /dev/ram0
# mkdir /mnt/ramdisk
# mount /dev/ram0 /mnt/ramdisk

then extract the key to /mnt/ramdisk.

After using cryptsetup, you can unmount /mnt/ramdisk which causes the
allocated RAM to be freed.

Stefan

>
> ---------------------------------------------------------------------
> dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
> To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
> For additional commands, e-mail: dm-crypt-help@xxxxxxxx
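A pre-flight check for the ramdisk approach described above, as an added example that is not part of the original message: it confirms that the key directory is mounted from /dev/ram* and that any active swap sits on a device-mapper node. The function names are hypothetical, and treating a device-mapper swap device as dm-crypt is an assumption; confirm with `dmsetup table` that it really is a crypt target.

```shell
#!/bin/sh
# Added example: checks to run before extracting a decrypted key file.
# Function names are hypothetical. The file arguments default to the live
# /proc files and exist so the checks can be exercised on sample data.

# ramdisk_backed MOUNTPOINT [MOUNTS_FILE]
# Succeeds only if MOUNTPOINT is currently mounted from a /dev/ram* device.
ramdisk_backed() {
    mp=$1
    mounts=${2:-/proc/mounts}
    # The last matching line wins: a later mount shadows an earlier one.
    dev=$(awk -v mp="$mp" '$2 == mp { d = $1 } END { print d }' "$mounts")
    case $dev in
        /dev/ram[0-9]*) return 0 ;;
        *)              return 1 ;;   # not mounted, or backed by a disk
    esac
}

# swap_is_safe [SWAPS_FILE]
# Succeeds if no swap is active, or if every swap area is on a
# device-mapper node (/dev/mapper/* or /dev/dm-*).
# Assumption: such a node is a dm-crypt mapping; the name alone cannot
# distinguish it from LVM, so verify the target type separately.
swap_is_safe() {
    swaps=${1:-/proc/swaps}
    # Line 1 of /proc/swaps is a header; count every other non-dm entry.
    bad=$(awk 'NR > 1 && $1 !~ /^\/dev\/(mapper\/|dm-)/ { n++ }
               END { print n + 0 }' "$swaps")
    [ "$bad" -eq 0 ]
}

# key_dir_ok MOUNTPOINT [MOUNTS_FILE] [SWAPS_FILE]
# Both conditions must hold before the key is written to MOUNTPOINT.
key_dir_ok() {
    ramdisk_backed "$1" "${2:-/proc/mounts}" &&
        swap_is_safe "${3:-/proc/swaps}"
}
```

On a live system, `key_dir_ok /mnt/ramdisk || exit 1` placed before the key extraction step stops the script when either condition fails.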