One would obviously NOT store the key on the hard disk. That wouldn't make
any sense and is not necessary.

This could be achieved similarly to the normal FDE with a passphrase. But
instead of the actual hard disk as the target, the target of the "yet to
be implemented" encryption of the keydisk would be the key on the keydisk
itself.

g

On 2019-10-22 23:40, Aaron Mason wrote:
> On Wed, Oct 23, 2019 at 5:11 AM List <l...@md5collisions.eu> wrote:
>> I'm sorry, I might not have been so clear about it. I meant a way to
>> encrypt the actual keydisk with a passphrase.
>>
>> On 2019-10-18 13:34, Jan Stary wrote:
>>>>> On Wednesday, October 16, 2019 11:06 PM, List <l...@md5collisions.eu> wrote:
>>>>>> I was wondering if there is a reason for the lack of keydisk encryption.
>>> $ man bioctl
>>> # bioctl -h -v -c C ...
>>>
> To what end?  At some point you're going to have to store the
> passphrase somewhere it can be easily read, and all you've really
> achieved is a way to, at best, slow down a potential attacker.
>
