Hey there Dale & List, I believe Ryan and Bill (CC'd) are using AES full disk crypto on their systems. It seems complicated to me, but they can probably give you tips. I think Bill is using Debian and Ryan is using Arch. Bill's (DISA's) policies are pretty strict and probably require that his smart card be inserted at boot time. Ryan's history administering the intranet for a company in the medical field have set his bar probably higher than DISA's in many ways, but may not require that the physical token be inserted at boot. Cheers && 73, C.J. On Wed, 2012-03-28 at 13:17 +0100, Dale Amon wrote: > Been away from the list for awhile and you went > and moved the list on me! > > Yesterday I pulled out my notes from the last time > I set up a crypto disk and found that basically, > nothing worked. > > The losetup lists all the appropriate crypto types > in its Man page but when I try to actually use AES256, > it throws a fit. When I look in modules for the > current kernel, I do not see a module for aes at all. > > I might also note that I was surprised to find the -k > switch for specifying key size is gone. > > I tried downloading a package with aes in it, but it > turns out to require local build. So... I tried that. > > I discovered that the module failed to declare kpkg > as a prerequisite. I eventually figured that error out > and selected it manually. > > And then I tried everything I could think of short of > going 'all the way in': I tried module-assistant; I > tried m-a; I tried the commands from the INSTALL file > one at a time. All of them failed. > > This is just SOOooo 1999... aren't things supposed to > get better with time? ;-) > > I would be happy to supply any information required > or to run a few tests in between other work. Test > server is an ancient (perhaps 2003) box with Ubuntu > Oneiric, fully up to date. > > If I want to use something like this for a production > environment, it has to be solid and update and work > forever into the future. > > -- > To unsubscribe from this list: send the line "unsubscribe linux-crypto" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: This is a digitally signed message part
