I also know that protecting the keyring is of paramount inportance
in a security situation. All I could suggest is an unencrypted copy
of the root/critical systems with updated keyring and archived and
stored in a physically high security area. For that matter I think
any mission/critical or rapid recovery system should have this anyway.
Sure, but depending on one's threat model this is precisely the data
that needs to be encrypted in transport.
My last emergency (total hard drive failure in tape drive system), I
did a fresh install and then used dd to read the whole tape to disk
(streaming, and read bits on first pass). This is almost just like
'amrestore -c /dev/nrst0', and having that would have been easier.
--
Greg Troxel <[EMAIL PROTECTED]>
