encryption of partitions/lvm without speakup
jason at jasonjgw.net
Tue Mar 1 01:44:08 EST 2011
Gregory Nowak <speakup at braille.uwo.ca> wrote:
>Thanks to Joe, Alex, and Luke for your input. It's pretty much as I
>had figured things to be. I haven't heard of ecryptfs before though,
>will have to look that up.
One advantage (if your entire system doesn't have to be encrypted) is that it
stores the files under directories in whatever file system you are already
using - it doesn't require its own file system, partition or logical volume,
if I recall rightly.
Encryption of the file names as well as the contents was introduced several kernel releases ago.
nother option for those requiring full system encryption might be to try to
get it working with a Yubikey or similar device. A Yubikey can be configured
to generate a fixed password, but that isn't the standard or recommended
mode of operation. Rather, it normally generates a one-time encrypted password
that can be verified locally or remotely and integrated into PAM.
More information about the Speakup