On Wed, May 7, 2014 at 7:36 AM, Walter Dnes <waltd...@waltdnes.org> wrote: > > On Wed, May 07, 2014 at 12:50:53AM +0300, Alon Bar-Lev wrote > > Checkout[1] > > > > [1] > > http://alonbl.shoutwiki.com/wiki/Gentoo/Linux_Disk_Encryption_Using_LoopAES_And_SmartCards > > Unfortunately, 90% of the wiki entry is irrelavant to my situation. > It's aimed at encrypting the entire machine, and making it bootable with > initramfs. I just need to encrypt a USB key.
Encrypting USB key without booting from it? > I see that it also says to build various stuff with the "static" USE > flag. I assume this is for an initramfs boot. Looking at the ebuild, I > see that it strongly suggests static-libs builds for a whole bunch of > stuff. I don't know if this is required in all cases, or simply for > booting from an encrypted disk... > > LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)] > dev-libs/popt[static-libs(+)] > sys-apps/util-linux[static-libs(+)] > gcrypt? ( dev-libs/libgcrypt:0[static-libs(+)] ) > nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) > openssl? ( dev-libs/openssl[static-libs(+)] ) > sys-fs/lvm2[static-libs(+)] > sys-libs/e2fsprogs-libs[static-libs(+)] > udev? ( virtual/udev[static-libs(+)] )" > > Also interesting is that this webpage recommends *NO* loop support in > the kernel. This may be important, i.e. loop-aes may provide the > support, and clash with the kernel code. Time to head off to bed > tonight. I'll try again in the morning. Correct. If you want to use loop-aes you must disable the kernel loop, this is how things are done. Alon
