[dm-crypt] Passphrase protected key file?

Jorge Fábregas jorge.fabregas at gmail.com
Tue Jul 12 13:40:28 CEST 2011


On 07/11/2011 06:17 PM, Laurence Darby wrote:
>  gpg -d ~/pass_key  | cryptsetup luksOpen --key-file - /dev/loop1 loop1

I don't see the point of this.  If you need to enter a passphrase for
GPG to decrypt your stored key...why not simply use a passphrase
(instead of a key file) for cryptsetup?  In both cases you would be
entering a passphrase (so the manual work is the same).  Also,  if you
use just a passphrase for cryptsetup I see an advantage there:  there's
no hash or "encrypted version" of my passphrase stored _anywhere_ on the
system.

Regards,
Jorge


More information about the dm-crypt mailing list