Re: [dev] Disk encryption

From: T Taylor Gurney <ttgurney_AT_ttgurney.com>
Date: Wed, 15 Jun 2022 19:59:34 -0500

On Wed, Jun 15, 2022, at 2:47 PM, Markus Wichmann wrote:

> libgcrypt can be used instead of OpenSSL. I don't know if that
> helps any.

Thanks for your reply. This does help, actually; while I'm making an effort to avoid OpenSSL (and even LibreSSL), I can't imagine I'll be able to avoid GnuPG since I know of no replacement for the important functionality it provides.

> If you are willing to forego LUKS, you can roll your own dm-crypt
> solution

I think I had dismissed that offhand to begin with due to the downsides you mentioned, but sounds like it may be worth a closer look at least. I have never tried plain dm-crypt without LUKS.

> Why would you need to patch util-linux for loop-AES? And would it work
> with dm-crypt?

Are you familiar with loop-AES? ( http://loop-aes.sourceforge.net/loop-AES.README ) My understanding is that the project provides a replacement "loop.ko" kernel module that gives loop devices support for block-level encryption. But then userspace still does not know how to set up encrypted loop devices, set encryption-related mount options, etc., so they also offer patches for the losetup and mount programs to make this functionality available.

In any case I don't think it interacts with dm-crypt at all.

To me it sounds much nicer than the complexity of dm-crypt+LUKS. It pre-dates them as well. I wonder why it has been kept out of the kernel tree all this time. It's an old project but I'm not familiar with the history.

Taylor
Received on Thu Jun 16 2022 - 02:59:34 CEST
