Hello all,

I apologize if this is an easy question, but I've been Googling around for an answer with no luck and the man pages aren't helping, so I'm asking here. If this is documented somewhere, feel free to just point me there.

For context, I want to set up an ecryptfs volume with an ephemeral key. I do *not* want the key stored anywhere. I want to never, ever be able to access the data again upon restart. I actually want to be forced to start over from nothing upon restart.

From looking at the options for starting up ecryptfs, it looks like they all either require the key to be in a file or available in the history/ps/etc.:

    passphrase_passwd=(passphrase)
    passphrase_passwd_file=(filename)
    passphrase_passwd_fd=(file descriptor)
    passphrase_salt=(hex value)
    openssl_keyfile=(filename)
    openssl_passwd_file=(filename)
    openssl_passwd_fd=(file descriptor)
    openssl_passwd=(password)

I'd rather not even store the key in a file and then remove the file, because technically that file might get persisted to disk and remain there after the delete.

The only thing I can think of is that maybe there is something magical you can do with file descriptors to get it to store the key in memory, have a file descriptor point to that memory location and then destroy the fd and memory. I'm unfortunately not that well-versed in how this would work though, so before diving down that potential rabbit hole I was hoping to get some guidance from people on this list.

All help is appreciated.

--Eric
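An added sketch of the file-descriptor idea raised in the message above (not part of the original post and not ecryptfs-utils code): a random passphrase is generated in memory and handed to the mount helper over an anonymous pipe named by `passphrase_passwd_fd`. The paths are hypothetical, and the `passphrase_passwd=<value>` line written to the pipe assumes the fd is parsed the same way as `passphrase_passwd_file`.

```python
import os
import secrets
import subprocess


def ephemeral_passphrase_fd(nbytes=32):
    """Return the read end of a pipe that holds a fresh random passphrase.

    The value lives only in this process's memory and the kernel pipe
    buffer: no file is created and nothing appears in argv or shell history.
    """
    rfd, wfd = os.pipe()
    try:
        # Assumption: the fd is parsed like passphrase_passwd_file,
        # i.e. one "passphrase_passwd=<value>" line.
        line = "passphrase_passwd=" + secrets.token_hex(nbytes) + "\n"
        os.write(wfd, line.encode())
    finally:
        os.close(wfd)  # reader sees EOF after the single line
    return rfd


def mount_argv(lower, mountpoint, fd):
    """Build the mount command; only the fd number is visible in ps."""
    opts = f"key=passphrase:passphrase_passwd_fd={fd}"
    return ["mount", "-t", "ecryptfs", "-o", opts, lower, mountpoint]


def run_with_fd(build_argv, nbytes=32):
    """Run build_argv(fd) with the passphrase pipe inherited by the child."""
    fd = ephemeral_passphrase_fd(nbytes)
    try:
        # pass_fds keeps this one descriptor open, same number, in the child.
        return subprocess.run(build_argv(fd), pass_fds=(fd,), check=False)
    finally:
        os.close(fd)  # once drained and closed, the pipe buffer is gone


if __name__ == "__main__":
    # Hypothetical paths; an actual mount needs root and ecryptfs-utils:
    #   run_with_fd(lambda fd: mount_argv("/srv/lower", "/mnt/secure", fd))
    # Remaining mount options (cipher, key size) are not set here.
    print(mount_argv("/srv/lower", "/mnt/secure", 3))
```

Process memory and pipe buffers can still be paged out, so this only keeps the passphrase off disk when swap is disabled or encrypted.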