Message-ID: <4E1C32AC.5040806@gmail.com>
Date: Tue, 12 Jul 2011 07:40:28 -0400
From: Jorge Fábregas
References: <20110711231732.596b8622.ldarby@tuffmail.com>
In-Reply-To: <20110711231732.596b8622.ldarby@tuffmail.com>
Subject: Re: [dm-crypt] Passphrase protected key file?
To: dm-crypt@saout.de

On 07/11/2011 06:17 PM, Laurence Darby wrote:
> gpg -d ~/pass_key | cryptsetup luksOpen --key-file - /dev/loop1 loop1

I don't see the point of this. If you need to enter a passphrase for GPG to decrypt your stored key... why not simply use a passphrase (instead of a key file) for cryptsetup? In both cases you would be entering a passphrase (so the manual work is the same).

Also, if you use just a passphrase for cryptsetup I see an advantage there: there's no hash or "encrypted version" of my passphrase stored _anywhere_ on the system.

Regards,
Jorge