On Wed, Jun 15, 2022, at 2:47 PM, Markus Wichmann wrote:
> libgcrypt can be used instead of OpenSSL. I don't know if that
> helps any.

Thanks for your reply. This does help, actually; while I'm making an effort to avoid OpenSSL (and even LibreSSL), I can't imagine I'll be able to avoid GnuPG since I know of no replacement for the important functionality it provides.

> If you are willing to forego LUKS, you can roll your own dm-crypt
> solution

I think I had dismissed that offhand to begin with due to the downsides you mentioned, but sounds like it may be worth a closer look at least. I have never tried plain dm-crypt without LUKS.

> Why would you need to patch util-linux for loop-AES? And would it work
> with dm-crypt?

Are you familiar with loop-AES? ( http://loop-aes.sourceforge.net/loop-AES.README )

My understanding is that the project provides a replacement "loop.ko" kernel module that gives loop devices support for block-level encryption. But then userspace still does not know how to set up encrypted loop devices, set encryption-related mount options, etc., so they also offer patches for the losetup and mount programs to make this functionality available. In any case I don't think it interacts with dm-crypt at all.

To me it sounds much nicer than the complexity of dm-crypt+LUKS. It pre-dates them as well. I wonder why it has been kept out of the kernel tree all this time. It's an old project but I'm not familiar with the history.

Taylor