From: "Roland Häder"
To: gentoo-user@lists.gentoo.org
Subject: Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
Date: Tue, 4 Sep 2012 00:12:58 +0200 (CEST)

Okay, I have made a little progress.
I have generated my private key using some random data + gpg:

# head -c 3705 /dev/urandom | head -n 66 | tail -n 65 > key.out
# gpg --symmetric -a --s2k-count 8388608 key.out
# mv key.out.asc key.gpg
# rm -f key.out

Now I have to copy that file onto my stick and set up /etc/conf.d/dmcrypt:

# whole root system encrypted with gpg key from removable media
target=crypt-root
source='/dev/hdaX'
key='/key:gpg'
# This is your stick
remdev='/dev/sda1'

But what next? The example at [1] is based on a key-only file (no passphrase). I know that later on /etc/conf.d/dmcrypt must be placed on the new root fs, but what now? I still have to set it up. cryptsetup doesn't do anything with gpg. So I have to set up a pipeline?
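
Added example, not part of the original mail: one way to connect gpg to cryptsetup is a pipe, with cryptsetup reading the key from stdin through --key-file=-. The function names and the mount point /mnt/stick are assumptions; key.gpg, /dev/hdaX and crypt-root are the names used in the mail.

```shell
#!/bin/sh
# Added example: feed a gpg-wrapped key to cryptsetup over a pipe.
# Function names and /mnt/stick are assumptions; run the real thing as root.

# Decrypt the key to stdout only; the plaintext key never touches disk.
decrypt_key() {
    gpg --quiet --decrypt "$1"
}

# One-time setup: create the LUKS header with the decrypted key.
# A pipeline's exit status is cryptsetup's, so a failed gpg (wrong
# passphrase, missing file) is caught first by checking for empty output.
# --batch-mode is required: stdin carries the key, not a confirmation.
luks_format_with_gpg_key() {    # usage: <key.gpg> <device>
    n=$(decrypt_key "$1" | wc -c)
    [ "$n" -gt 0 ] || { echo "no key material from $1" >&2; return 1; }
    decrypt_key "$1" | cryptsetup --batch-mode --key-file=- luksFormat "$2"
}

# Every later unlock: same key, same path; "-" means read the key from stdin.
luks_open_with_gpg_key() {      # usage: <key.gpg> <device> <mapping>
    decrypt_key "$1" | cryptsetup --key-file=- luksOpen "$2" "$3"
}

# Example calls (luksFormat destroys the data on the device):
#   luks_format_with_gpg_key /mnt/stick/key.gpg /dev/hdaX
#   luks_open_with_gpg_key   /mnt/stick/key.gpg /dev/hdaX crypt-root
#   mkfs.ext4 /dev/mapper/crypt-root
```

The format step decrypts the key twice, so gpg may ask for the passphrase twice unless an agent caches it.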