Okay, I have made a little progress. I have generated my private key using some random data + gpg:

    # head -c 3705 /dev/urandom | head -n 66 | tail -n 65 > key.out
    # gpg --symmetric -a --s2k-count 8388608 key.out
    <Enter your password twice>
    # mv key.out.asc key.gpg
    # rm -f key.out

Now I have to copy that file onto my stick and set up /etc/conf.d/dmcrypt:

    # whole root system encrypted with gpg key from removable media
    target=crypt-root
    source='/dev/hdaX'
    key='/key:gpg'
    # This is your stick
    remdev='/dev/sda1'

But what next? The example at [1] is based on a key-only file (no passphrase). I know that later on /etc/conf.d/dmcrypt must be placed on the new root-fs, but what now? I still have to set it up. cryptsetup doesn't do anything with gpg. So I have to set up a pipeline?