I use the following approach to encrypting my disks.

I use an encrypted loopback device. The version of losetup I use
permits me to store the disk key in a PGP encrypted file and decrypt
it (with gpg) when needed. I made many backups of both my personal
keyring and the file with the encrypted loop key. So the only "secret"
I have to remember is the passphrase on my normal PGP key, which I am
not likely to forget.

Of course there is a trade-off here. If my PGP key is compromised, my
disk encryption is at risk (if the encrypted disk key file is
compromised as well).

                        -Jeff

P.S. If you run a reasonably modern Linux system, and have more than
one system, you can use "drbd" to implement software mirroring between
the two systems. Clever use of openvpn and encrypted loopback devices
can do this securely as well.

--
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
[EMAIL PROTECTED]
============================================================================
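
The key-wrapping arrangement described in the message above, sketched with stock gpg as an added example (not the poster's own setup or losetup's code). The uid, passphrase, file names and helper functions are constructed for the demonstration, and a throwaway keyring stands in for the personal one.

```shell
#!/bin/sh
# Added example: throwaway keyring; uid and passphrase below are constructed.
set -eu

GNUPGHOME="$(mktemp -d)"; export GNUPGHOME
trap 'rm -rf "$GNUPGHOME"' EXIT
UID_DEMO='Disk Key Demo <demo@example.invalid>'
PASS_DEMO='constructed demo passphrase'
WRAPPED="$GNUPGHOME/diskkey.gpg"

# Non-interactive gpg for the demo. In real use, drop the loopback mode
# and let pinentry prompt for the passphrase.
gpg_b() { gpg --batch --quiet --pinentry-mode loopback "$@"; }

# Stand-in for "my normal PGP key": a passphrase-protected key pair.
make_demo_pgp_key() {
    printf '%s' "$PASS_DEMO" |
        gpg_b --passphrase-fd 0 --quick-generate-key "$UID_DEMO" default default never
}

# Create a random 256-bit disk key and store it only in PGP-encrypted form.
# The plaintext passes through a pipe and is never written to disk.
wrap_new_disk_key() {   # $1 = recipient uid, $2 = output file
    head -c 32 /dev/urandom | base64 |
        gpg_b --encrypt --recipient "$1" --output "$2"
}

# Decrypt the disk key to stdout. This needs the wrapped file, the secret
# keyring and the passphrase together, which is the trade-off in the message.
unwrap_disk_key() {     # $1 = wrapped key file, $2 = PGP key passphrase
    printf '%s' "$2" | gpg_b --passphrase-fd 0 --decrypt "$1" 2>/dev/null
}

make_demo_pgp_key
wrap_new_disk_key "$UID_DEMO" "$WRAPPED"
# Real use would pipe the output into the disk-encryption tool's key input;
# here only its length is reported.
echo "recovered key: $(unwrap_disk_key "$WRAPPED" "$PASS_DEMO" | wc -c) bytes"
```

Backups of the wrapped file are safe to scatter widely only as long as the secret keyring and its passphrase are not stored alongside them.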
