I use the following approach to encrypting my disks. I use an encrypted loopback device. The version of losetup I use permits me to store the disk key in a PGP encrypted file and decrypt it (with gpg) when needed. I made many backups of the both my personal keyring and the file with the encrypted loop key. So the only "secret" I have to remember is the passphrase on my normal PGP key, which I am not liekly to forget.
Of course there is a trade-off here. If my PGP key is compromised, my disk encryption is at risk (if the encrypted disk key file is compromised as well). -Jeff P.S. If you run a reasonably modern Linux system, and have more then one system, you can use "drbd" to implement software mirroring between the two systems. Clever use of openvpn and encrypted loopback devices can do this securely as well. -- ============================================================================= Jeffrey I. Schiller MIT Network Manager Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room W92-190 Cambridge, MA 02139-4307 617.253.0161 - Voice [EMAIL PROTECTED] ============================================================================
smime.p7s
Description: S/MIME cryptographic signature