I notice that LUKS has support for keyfiles and passwords. AFAICT, however, it doesn't have support for an encrypted keyfile; that is, a key file (say on a USB disk) will decrypt the volume but that keyfile is itself encrypted so that loss of both the usb key and the laptop doesn't render it completely vulnerable. To boot both the usb token must be present and the password entered. Or, am I missing something and this is already possible? Please CC me on replies. Thanks, Matt -- Matthew Johnson www.matthew.ath.cx
Attachment:
signature.asc
Description: Digital signature
