Unlocking an encrypted filesystem with a key contained on another encrypted file system is somewhat of a painful process, and has not been automated in any distributions I've seen. It also means that the keyfile must be generated and stored securely, which can lead to user error. So I was thinking, why not chain two luks devices together. Take the key of one device, and use it to encrypt the key of another device, inserting the result into a keyslot of the second device. Then, once the first filesystem is opened, the second filesystem can be opened. The user interface/use case for this model would be very simple and easy for a new user to understand. I'm thinking of doing the code for this, but in case I get lazy, I thought I'd put the idea out there. --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
