Hello,

First of all, sorry for the late response. As I'm the one messing with
the crypt module the most, I think I'm supposed to answer you. :-)

The idea and patch seem cool, but I've got a little question:

Excerpts from shadowfax's message of Fri Sep 10 14:06:03 +0200 2010:
> +1. Physical Security.
> +
> +You must physically secure your machines. The private key that connects
> +to the key server will be located on the /boot partition in plain text.
> +Anyone with access to the machine could get that key and then get the
> +encryption key from the key server.

Why not just keep the key inside /boot? It's almost the same security
level or even higher, 'cause it doesn't grant access to the key server.
Storing keys remotely this way doesn't increase security, but complicates
maintenance.

If you're assuming that an intruder cannot have physical access to the
machine, there's no need to encrypt the data. cryptLUKS protects against
physical access.

Cheers,
-- 
Amadeusz Żołnowski
PGP key: 1024D/C284750D
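Review bot: "Anyone with access to the machine" in the quoted hunk is ambiguous between physical access and an ordinary local login; since the key sits in plain text on /boot, anyone who can read that partition (a local root user, or anyone who boots the machine from other media) can copy it, so the text should say which case it means. The same paragraph lists the exposure but never states what the key-server step is meant to add over keeping the encryption key itself on /boot (for example, whether the server can refuse the key once a machine is reported lost); without that, a reader cannot judge the trade-off the section is warning about, so spell out the intended threat model in the same section.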