From: Florian Philipp
Date: Mon, 03 Sep 2012 22:52:51 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
Message-ID: <504518A3.7000207@binarywings.net>

On 03.09.2012 22:36, "Roland Häder" wrote:
> Oops, here is the missing link: http://wiki.gentoo.org/wiki/DM-Crypt
>
> (I don't think it is a good idea to store the keyFile somewhere
> plain, [2] tells that there is support for crypt-gnupg, but it
> doesn't show any help how to setup it.
>
> [2]: http://wiki.gentoo.org/wiki/Dracut
>

No comment on dracut as I have no experience with it. However, as I see
it, you need no key file if you just use a pass phrase. In my opinion, a
key file is only necessary for two improvements:
1. Two-factor authentication (read: encrypted key file)
2. Avoiding re-typing the pass phrase for multiple dmcrypt partitions

You can easily achieve the second point by putting an unencrypted key
file on the first partition which you encrypt with a pass phrase. You
don't even need dracut for this, /etc/conf.d/dmcrypt lets you configure
it easily (as long as it doesn't affect /usr).

However, I personally find it easier to put LVM on a single dmcrypt volume
and be done with this.
All you need for this to work are two lines in /etc/rc.conf:
rc_dmcrypt_before="lvm"
rc_dmcrypt_after="udev"

Regards,
Florian Philipp
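
An added example, not part of the mail above and not code from Gentoo's dmcrypt scripts: a small POSIX sh audit of the key= entries in a file using the /etc/conf.d/dmcrypt syntax. It reports whether each key file is GnuPG-protected (the ":gpg" suffix) or plain, and whether a plain key file is readable by group or others. The function names, the optional root-prefix argument, and the device and key paths in the sample are assumptions made for illustration.

```shell
# Constructed sample in /etc/conf.d/dmcrypt syntax (placeholder devices/paths):
#   target=crypt-data
#   source='/dev/sdb1'
#   key='/etc/keys/data.key'         plain key file, as discussed in the mail
#   target=crypt-backup
#   source='/dev/sdc1'
#   key='/etc/keys/backup.key:gpg'   GnuPG-protected key file

unquote() {  # strip one pair of surrounding single or double quotes
    v=$1
    case $v in
        \'*\') v=${v#\'}; v=${v%\'} ;;
        \"*\") v=${v#\"}; v=${v%\"} ;;
    esac
    printf '%s\n' "$v"
}

# usage: audit_dmcrypt_keys CONF [ROOT_PREFIX]
# ROOT_PREFIX (hypothetical helper argument) is prepended to key paths, so a
# root filesystem mounted elsewhere can be audited as well.
audit_dmcrypt_keys() {
    conf=$1; root=${2:-}; target=
    # read with default IFS trims leading and trailing whitespace
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|\#*) continue ;;
            target=*|swap=*) target=$(unquote "${line#*=}") ;;
            key=*)
                key=$(unquote "${line#*=}")
                case $key in
                    *:gpg) echo "$target gpg-protected" ;;
                    *)  # plain key: group/other permission bits must be empty
                        perms=$(ls -ld "$root$key" 2>/dev/null | cut -c5-10)
                        if [ -z "$perms" ]; then echo "$target plain missing"
                        elif [ "$perms" = "------" ]; then echo "$target plain ok"
                        else echo "$target plain loose-permissions"
                        fi ;;
                esac ;;
        esac
    done < "$conf"
}
```

Run it as `audit_dmcrypt_keys /etc/conf.d/dmcrypt`; a "plain" result is only as well protected as the file system the key file sits on, which is the point of keeping it on the volume unlocked with the pass phrase.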