On Mon, 7 Feb 2011, unix_fan wrote:

> Our Winders boxen use PGP Whole Disk encryption so we'd like to use 
> it for Linux laptops as well. Turns out the PGP implementation is 
> .... suboptimal.
>
> Our main requirement is that Whole Disk Encryption be implemented in 
> a manner which allows for an Alternate Decryption Key (ADK), so that 
> the device content is available in case the primary laptop user gets 
> hit by the proverbial bus.
>
> 2. If you are using something else that includes an ADK capability,
>    what is it?  Is it OpenPGP compliant by any chance?

Newer versions of Fedora and RHEL (and clones) use LUKS to encrypt 
everything but the MBR. A LUKS-encrypted disk can have up to eight 
alternative keys/passphrases.

We use it for laptops and so far have had good luck. Laptop users each 
have a decrypt passphrase, and we keep another one for sysadmins 
escrowed centrally.

AFAIK, it's not PGP-compliant at all, but I've never even investigated 
that question.

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
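
The user-passphrase-plus-escrowed-key arrangement described in the reply above, as an added example that is not part of the original message. It assumes the LUKS1 `cryptsetup luksDump` layout and, as a hypothetical convention, that slot 7 is reserved for the sysadmin key; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. ESCROW_SLOT, the function
# names and the sample dump are assumptions made for illustration.
ESCROW_SLOT=7   # hypothetical convention: last of the eight slots = sysadmin key

# Add the escrowed sysadmin key from a key file. cryptsetup asks for an
# existing passphrase (the laptop user's) before it writes the new slot.
add_escrow_key() {   # usage: add_escrow_key <device> <keyfile>
    cryptsetup luksAddKey --key-slot "$ESCROW_SLOT" "$1" "$2"
}

# Read LUKS1 `cryptsetup luksDump` text on stdin; print enabled slot numbers.
enabled_slots() {
    awk '/^Key Slot [0-7]: ENABLED/ { sub(":", "", $3); printf "%s%s", sep, $3; sep = " " }
         END { print "" }'
}

# Succeed only if the escrow slot and at least one other (user) slot are enabled.
escrow_ok() {
    slots=$(enabled_slots)
    case " $slots " in
        *" $ESCROW_SLOT "*) ;;
        *) return 1 ;;
    esac
    for s in $slots; do
        if [ "$s" != "$ESCROW_SLOT" ]; then return 0; fi
    done
    return 1
}

# Constructed sample: trimmed LUKS1 luksDump output for a laptop volume.
sample_dump() {
    cat <<'EOF'
LUKS header information for /dev/sda2

Version:        1
Cipher name:    aes
Key Slot 0: ENABLED
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: ENABLED
EOF
}
```

On a real laptop the audit is run as root with `cryptsetup luksDump <device> | escrow_ok`, which flags machines where the escrow slot was never populated or has been removed.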
