My personal preference is for cryptsetup to be somewhat minimal, and thus hopefully have less bugs in it. Since it's pretty easy to accomplish using just sh, I'm all for that approach. </2 cents> -- Roscoe On Mon, Mar 31, 2008 at 10:15 AM, Russ Dill <russ.dill@xxxxxxxxx> wrote: > Unlocking an encrypted filesystem with a key contained on another > encrypted file system is somewhat of a painful process, and has not > been automated in any distributions I've seen. It also means that the > keyfile must be generated and stored securely, which can lead to user > error. > > So I was thinking, why not chain two luks devices together. Take the > key of one device, and use it to encrypt the key of another device, > inserting the result into a keyslot of the second device. Then, once > the first filesystem is opened, the second filesystem can be opened. > > The user interface/use case for this model would be very simple and > easy for a new user to understand. > > I'm thinking of doing the code for this, but in case I get lazy, I > thought I'd put the idea out there. > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
