Sunday, 6 September 2015

secure cryptsetup plain (non-LUKS)

Plausible deniability: something many geeks like ...
but LUKS is better ... since I can change the keys

Well, actually speaking, you are not changing the key in LUKS. You are, to my knowledge, only adding more encrypted forms of the key, using different passphrases.

I still believe plain dm-crypt is the best!

The way I do it (prior setup of gpg and basic knowledge of gpg are necessary):

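Create a fairly large random key (give dd a size, otherwise it keeps writing until the target is full; 64 bytes here is an example):

dd if=/dev/urandom of=<secure place>/key bs=64 count=1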

gpg --encrypt key

>>> gpg asks for a recipient: give the email ID of your own gpg key here. The result is key.gpg.

Create the dm-crypt mapping:

gpg -qd key.gpg | cryptsetup plainOpen --key-file - /dev/<device> <mapping>

Now use /dev/mapper/<mapping> (create a filesystem, mount it and store data).

Your key is to be kept safely, probably on a memory stick in some locker.
gpg will decrypt your key each time you use key.gpg.
key.gpg is encrypted to your gpg key, so it can be kept anywhere in the filesystem.
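
The steps above wrapped in a script, as an added example that is not part of the original post. Plain mode stores no header, so a wrong key or a different default cipher still opens a mapping that just contains garbage; the script therefore pins the parameters and probes for a filesystem before mounting. The function names, DRY_RUN and the cipher, hash and key-size values are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names, DRY_RUN and the
# cipher/hash/key-size choices are assumptions; adjust them to your setup.
# Plain dm-crypt has no header, so the parameters are pinned here instead of
# relying on the build's compiled-in defaults.
CIPHER=aes-xts-plain64
KEY_BITS=512
HASH=sha512     # hash applied to the key material read from stdin
KEY_BYTES=64    # size of the random key file

# make_key <path>: bounded read from urandom, file readable by owner only.
make_key() {
    ( umask 077 && head -c "$KEY_BYTES" /dev/urandom > "$1" )
}

# key_ok <path>: succeed only if the file holds exactly KEY_BYTES bytes.
key_ok() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq "$KEY_BYTES" ]
}

# open_cmd <device> <mapping>: print the cryptsetup command line used below.
open_cmd() {
    printf 'cryptsetup open --type plain --cipher %s --key-size %s --hash %s --key-file - %s %s\n' \
        "$CIPHER" "$KEY_BITS" "$HASH" "$1" "$2"
}

# open_plain <key.gpg> <device> <mapping>: decrypt the key and open the mapping.
# With DRY_RUN=1 it only prints the command; pipefail reports a gpg failure.
open_plain() {
    if [ "${DRY_RUN:-0}" = 1 ]; then open_cmd "$2" "$3"; return 0; fi
    ( set -o pipefail
      gpg -qd "$1" | cryptsetup open --type plain --cipher "$CIPHER" \
          --key-size "$KEY_BITS" --hash "$HASH" --key-file - "$2" "$3" )
}

# verify_mapping <mapping>: succeed only if a known filesystem signature is
# found. Run it before mounting; it is meaningful only after the filesystem
# has been created on the mapping.
verify_mapping() {
    blkid -p "/dev/mapper/$1" >/dev/null 2>&1
}
```

The same cipher, key size and hash must be given on every later open, since nothing on the device records them.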
