| 1 |
Am Sonntag, 30. März 2008 schrieb Florian Philipp: |
| 2 |
|
| 3 |
> On Sun, 2008-03-30 at 09:50 +0200, Dirk Heinrichs wrote: |
| 4 |
> > Am Samstag, 29. März 2008 schrieb Florian Philipp: |
| 5 |
> > > My goal is to open a Luks-mapping for /var with a gpg-encrypted file |
| 6 |
> > > on /boot and then open a mapping for /var/tmp with a plaintext file |
| 7 |
> > > on /var. |
| 8 |
> > |
| 9 |
> > See below. But while we're at it, can anybody tell me what's the |
| 10 |
> > advantage of a gpg-encrypted keyfile over a keyfile generated from |
| 11 |
> > /dev/urandom? |
| 12 |
> |
| 13 |
> Keys for urandom work great for /tmp and swap but how should I use this |
| 14 |
> for a partition which is supposed to keep its content between reboots? |
| 15 |
|
| 16 |
See my example below. |
| 17 |
|
| 18 |
> > Which warning, btw.? Works just fine here. |
| 19 |
> |
| 20 |
> "# Note when using gpg keys and /usr on a separate partition, you will |
| 21 |
> # have to copy /usr/bin/gpg to /bin/gpg so that it will work properly |
| 22 |
> # and ensure that gpg has been compiled statically. |
| 23 |
> # See http://bugs.gentoo.org/90482 for more information." |
| 24 |
|
| 25 |
Ah, I see. Since I don't use gpg it doesn't matter to me. |
| 26 |
|
| 27 |
> > target='c-usr' |
| 28 |
> > source='/dev/evms/usr' |
| 29 |
> > key='/etc/crypt/keyfile' |
| 30 |
|
| 31 |
Bye... |
| 32 |
|
| 33 |
Dirk |
Archives