Want to set up an Elitedesk with a big 3,5" disk as a backup server. Want to use ZFS with native encryption. Server will be mostly off and switched on for backups.
How do I enter the encryption key?
- sitting on the unencrypted part of the system is pointless
- sshing in and typing in the key is laborious
So I thought of keeping the key on my main laptop or mobile and putting a script behind a button that does the ssh-in and load-key part. Of course this only shifts the problem of keeping keys safe to the mobile, but it contains lots of secrets anyway.
Opinions?
The called script must store the key temporarily on the unencrypted part of the file system, as load-key -L loads from a file. There is no /dev/shmem, is there?
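
Added example, not part of the original post: `zfs load-key` with a key location of `prompt` also accepts the key on standard input, so a client-side script can stream it through SSH without a temporary file on the server. The host name, dataset name and key file path are placeholders, and the SSH account is assumed to be allowed to run `zfs load-key` and `zfs mount`.

```shell
#!/bin/sh
# Added example: stream a ZFS encryption key over SSH on stdin so it is
# never written to the server's disk. All names passed in are placeholders.

# Accept only a conservative character set: the dataset name is expanded
# by the remote shell, so anything else is rejected outright.
valid_dataset() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The client-side key file must grant nothing to group or other
# (characters 5-10 of the ls mode string are the group/other bits).
key_perms_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# unlock_dataset HOST DATASET KEYFILE
unlock_dataset() {
    host=$1; dataset=$2; keyfile=$3
    valid_dataset "$dataset" || { echo "bad dataset name" >&2; return 2; }
    key_perms_ok "$keyfile" || { echo "key file too open" >&2; return 3; }
    # -L prompt overrides keylocation for this call only; with no terminal
    # attached, zfs reads the key from stdin, which ssh forwards.
    ssh -o BatchMode=yes "$host" zfs load-key -L prompt "$dataset" \
        < "$keyfile" || return 4
    # stdin is closed here so the second ssh cannot swallow anything.
    ssh -o BatchMode=yes "$host" zfs mount "$dataset" < /dev/null
}

# Run only when called with arguments, e.g.:
#   ./unlock.sh backup-host tank/backup ~/.keys/backup.key
if [ "$#" -eq 3 ]; then
    unlock_dataset "$1" "$2" "$3"
fi
```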